Security Business Partner

Join us as a Security Business Partner

• In this key role, you'll apply effective risk management and decision-making capability, anticipating and assessing the potential impacts of risk associated with information and cyber security across the relevant business areas
• You'll make sure that the impacts of strategic information and cyber security initiatives on the operational risk and control profile are evaluated, managed and mitigated
• You'll enjoy a varied and extensive breadth of work in this fast-paced and varied role, and you'll gain valuable exposure across a broad range of senior level stakeholders

What you'll do

As a Security Business Partner, you'll support and regularly engage with specialist Security stakeholders including second and third lines of defence, and other relevant stakeholders. Working closely with the Control Testing team, Franchise and Function Control teams and the second line risk, you'll also provide support on framework execution as an information and cyber security expert, including risk and controls assessments, control design and articulation, control testing and policy compliance, in relation to information and cyber security related risks for the relevant business areas.

You'll lead informed discussions of information and cyber security risk for relevant business areas and products. We'll look to you to create a culture of continuous improvement, increasing efficiency and productivity through great people leadership, coaching, engagement and development of skills.

Day-to-day, you'll:

• Manage stakeholder relationships with Security and support them with managing their risk and control profile
• Provide an aggregated view of the control environment for the relevant information and cyber security business areas
• Support the relevant technology and digital business area in interactions with second and third lines of defence on risk and audit engagements
• Manage the completion of risk and control assessments in line with the risk framework for Security
• Produce and review risk committee packs relating to information and cyber security, including relevant MI and assessing the aggregated risk profile
• Support Security in interactions with second and third lines of defence on risk and audit engagements

The skills you'll need

To thrive in this role, you'll need an extensive understanding of the relevant businesses, specifically key products and information and cyber security risks, to enable informed discussions of risk. In addition, you'll need knowledge of risks and controls associated with information and cyber security, including industry frameworks such as NIST, ISF SOGP, MITRE, COBIT, CRISC and similar, as well as risks associated with technology outsourcing.

On top of this, you'll bring:

• A breadth of demonstrable knowledge across all cyber and information security domains including privileged access management, security operations, vulnerability management and governance
• Proven ability to deliver high quality outcomes and experience of applying information and cyber security risk and control assessments in an operational and strategic context
• Comprehensive experience in information and cyber security risk management and audit or control frameworks as well as experience of working in a fast paced information and cyber security risk or audit environment where priorities shift rapidly
• Strong senior stakeholder management skills