Vice President, Information Security Risk and Control

Job information:

• Functional title – VP, Information Security Risk and Control
• Department – Chief Controls Office
• Corporate level - Vice President
• Report to – Executive Director, Technology Risk and Control
• Location – London

What you will be doing:

This is an exciting opportunity for a talented individual to join our newly formed Chief Controls office (CCO), a dedicated first line risk and control function.  This role has arisen due to the expansion of responsibilities, offering the successful candidate the opportunity to make an impact and actively contribute to the evolution of this new group.

As part of the CCO team, you will play a key role:

• Improving the oversight of non-financial risks, bringing risk and control subject matter expertise to partner with 1LOD business owners to proactively identify, assess and mitigate risks.
• Providing cross functional oversight across the first line, driving best practices and consistency in control standards for the effective control of risks to within risk appetite.
• Driving behaviors to foster a risk-aware and risk intelligent culture where employees recognize their role as risk managers and the importance of the control framework.

The role would suit candidates with 2LOD/3LOD experience looking for an opportunity to move into 1LOD, or candidates with 1LOD control/ control remediation/validation or Technology experience.

The Information Security Risk & Control Vice President is a key member of the CCO team who will work closely with the Information Security department (part of the Technology division) in the control of risks. This includes but not limited to:

Strategic:

• Develop and implement a consistent, effective and efficient approach to the control of risks
• Identify and deliver best practices in control standards across CLS
• Lead Technology’s engagement with Audit, also key liaison with 2LOD Risk and Compliance

Operational:

• Support the identification, assessment of risks and controls
• Review remediation plans from a risk/control lens to ensure risks are sufficiently addressed, consider design/operating effectiveness, strategic/tactical solutions etc
• Monitor and report on corrective actions
• Contribute to risk appetite statements and emerging risks
• Review KRIs to ensure meaningful metrics for management oversight, review/challenge breaches to understand root causes, consult on lessons learned exercises and work with business owners to develop a ‘path to green’ where appropriate
• Consolidate and report on the results of risk and control activity to internal stakeholders, escalating as required

Leadership:

• Support adhoc cross-Technology control initiatives where appropriate
• Build strong relationships with peers to enable cross functional oversight, and develop and implement best practices.
• Share knowledge and experience with other members of the team, driving consistency and ‘added value’
• Establish positive working relationships with senior stakeholders across the business.

What we’re looking for:

• Experience of Internal Audit engagement, control remediation and audit validation either from a 1LOD ownership perspective or 2LOD/3LOD validation
• Knowledge of Information Security within Financial Services, and ability to demonstrate an understanding of key challenges and risks which must be mitigated and managed to enable successful delivery
• Minimum of 5 years or more of experience in one of more of the following:
  • Information Security Risk Management
  • Internal Audit
  • Compliance
• Knowledge of Financial Services, Financial Markets Utilities or another highly regulated industry sector is essential
• Experience of regulatory engagement preferred.

Professional qualifications / certifications

Qualifications in any of the following specialisms would be beneficial but not essential:

• Risk Management
• Internal Audit
• Compliance
• Project Management
• Information Security process governance

#LI-JW1