The Senior Information Security Consultant is a member of the Bank’s Security Risk Management team, responsible for cyber oversight and review of third-party relationships, cyber risk management and reporting, business co-ordination of data loss prevention tool usage, security policy and promotion of a strong cyber security culture through training and awareness.
Key stakeholders include the business information security officers, technology team, third party management team and the data protection team.
The role holder will primarily be focussed on and engaged in activities related to Third Party Management but will also be required to support the other responsibilities within the team.
- Develop and implement third-party cyber security standards for the Bank
- Partner with security and external stakeholders to build and maintain a strong third-party cyber security oversight programme aligned with the NIST framework
- Conduct due diligence and assurance checks on key third parties to ensure cyber risk is managed in line with company risk appetite
- Periodically update and review the repository of cyber due diligence questions
- Perform out-of-plan targeted reviews of third parties as required
- Participate in service and monitoring reviews of business-critical third parties
- Work on internal security projects with the opportunity to become an SME in certain key technical tools used within the team, e.g. data loss prevention and phishing tool sets