Back Associate Director, IT Security

Requisition ID 33467 Office Country United Kingdom Office City London Division Information Technology Contract Type Fixed Term Contract Length 3 years Posting End Date

Purpose of Job

The Associate Director, IT Security provides ownership and leadership in defining, implementing and maintaining policies, procedures, controls and standards to ensure a secure, controlled and resilient Information Technology work environment for all Bank IT systems and users. The role interacts with all levels of management across the Bank to support the Bank’s strategy through effective selection, implementation and support of strategic and tactical IT Security initiatives and solutions.

Accountabilities & Responsibilties

• Establish, implement and maintain consistent and repeatable IT Security related Standards, Policies, and Procedures, aligned to the international standard for Information Security Management Systems, ISO 27001: 2013.
• Establish, implement and maintain a suite of IT Security tools to protect IT systems and give visibility of potential threats and vulnerabilities.
• Development of clear and concise reporting suitable to be presented to IT Management. This includes submissions of regular Key Risk Indicator reports that can be used to prioritise IT Security activities.
• Work closely with members of Operation Risk and Information Security to ensure IT Security and associated risks are appropriately managed.
• Establish, implement, test and maintain the policies and procedures within IT to ensure a robust and resilient IT environment that can meet the Bank’s Business Continuity requirements.
• Manage the annual resilience exercises from an IT perspective.
• Coordinate responses to Internal Audit recommendations to ensure that audit observations related to IT Security are appropriately managed.
• Co-ordinate vulnerability assessment and penetration testing as well as managing the associated remediation activities.
• Contribute to IT Security compliance with the Bank’s Internal Control Framework to ensure the accurate completion of annual testing schedules.
• Define the minimum IT Security and Business Continuity requirements for IT projects and IT operations, ensuring alignment to industry best practice recommendations.
• Provide expertise in the definition, selection and implementation of IT Security and Business Continuity related controls to the IT Department.
• Management of the IT Security and Business Continuity service providers, vendors, and consultants to ensure key objectives and deliverables are met in an efficient manner.
• Provide guidance and assistance to IT Senior Management and other areas within the Bank with regard to addressing IT Security, Business Continuity and IT Change issues.
• Keep abreast of all IT Security trends and best practice recommendations to ensure the Banks IT Security strategy is fit for business and future proof.
• Manage and promote IT Security and Business Continuity to ensure that the business understands the value of best practice and supports these key objectives.

  Knowledge, Skills, Experience & Qualifications

  Experience/Knowledge

  • Extensive understanding of IT Security environment, policies, guidelines and standards.
  • Experience of relevant standards (ISO 27001, 27005, 27015).
  • Experience of working in the Financial Sector.

    Skills

    • Excellent interpersonal skills, including tact and diplomacy.
    • Leadership skills.
    • Fluency in oral and written English is essential and also good writing skills.
    • Good understanding of the Bank’s processes and procedures.
    • Extensive and proven track record of working within the IT Security arena at a senior managerial position.
    • Ability to operate sensitively and effectively in a multicultural environment.
    • Ability to communicate effectively to a wide variety of audiences in and outside EBRD.
    • Ability to work both independently and as part of a small team.
    • Good team player with strong interpersonal and diplomatic skills.