Barclays moves, lends, invests and protects money for customers and clients worldwide. Please visit our website for more information.
Our risk teams protect our financial performance and reputation. Our team members have advanced technical skills across a broad range of disciplines, tackling issues from economic conditions to financial crime. They advise Barclays’ business leaders, helping them make decisions. Because risk management is so important to Barclays, we’re a highly visible team. During the recent economic downturn, we’ve been an essential part of keeping Barclays resilient. Please visit our website for more information.
Overall purpose of role:
- The job holder will be a member of the Group Cyber Risk Team which is responsible for setting group wide cyber policy to define appropriate capabilities to manage cyber risk, setting group cyber risk appetite, performing check/challenge of cyber capabilities and performance, and ensuring there is appropriate identification, assessment, and articulation of cyber risk.
- This role will focus on ensuring risks associated with cyber threat and cyber events (internal and external) are appropriately identified, assessed, and managed.
Key Accountabilities and Skills required:
This section should include:
- Key specific accountabilities.
- Oversight of the evaluation, response and monitoring of risk events that arise across Barclays Group. Oversight of Root Cause Analysis and Lessons Learnt processes for cyber events to ensure systemic issues are identified and managed appropriately. Check and challenge strategic remediation plans.
- Manage and deliver Capability and Risk Reviews with group control operators (Global Information Security and Infrastructure Services) and business units to validate control effectiveness, identify capability gaps, and highlight areas of risk. Particular focus on threat management capabilities including cyber intelligence, incident detection, and incident response.
- Monitor and analyse MI and key risk indicators across Barclays Group, providing insight into the impact on the risk position. Provide recommendations and deliver solutions to enhance oversight, visibility and assurance of risk position.
- Communication with senior stakeholders to ensure that the reported risk position is accurate, complete and fully understood.
- Stakeholder management and leadership.
- Negotiate risk ratings with senior stakeholders to ensure that Cyber Risks and controls are managed in line with risk appetite, and that Barclays’ senior management can make informed risk based decisions.
- Build and maintain relationships with key stakeholders in business units/functions and provide advisory services to support the adaptation of the core policy and standards.
- Report assurance activity outcomes to senior management.
- Present at forums attended by technology and cyber leadership teams relating to Governance, Risk and Control.
- Decision making and problem solving.
- Detailed analysis of output from assurance activities, understanding where there are impacts across multiple streams of risk related activity. Recommend and deliver solutions to enhance oversight of the risk position and facilitate informed decision making.
- Risk and Control: All Barclays colleagues have to ensure that all activities and duties are carried out in full compliance with regulatory requirements, Enterprise Wide Risk Management Framework and internal Barclays Policies and Policy Standards
Your Skills and Qualifications will include
Technical Skills / Competencies
• Cyber security control expertise within complex networks/businesses.
• Thorough understanding of the cyber threats relevant to financial service companies, and expertise in assessing risk presented by emerging threats.
• Demonstrable competency in performing lessons learnt and root cause analysis for cyber security incidents.
• Experience of working within Cyber Risk field, including audit or internal controls, preferably in the financial sector.
• Demonstrable track record of strong teamwork and delivery, within and across departmental teams.
• Experience of working with multiple stakeholders of different levels.
• Strong analytical and project management skills.
• Strong communication skills, both written and verbal.
• Strong report writing skills.
• Strong influencing and negotiating skills.
Knowledge, Expertise and Experience
• English essential (written and spoken).
• Educated to degree level or equivalent work experience.
• Depth of knowledge of key areas in Cyber Risk, including vulnerability and threat management (identification, assessment , monitoring and mitigation), network security, application and infrastructure DDoS, software security, exploit mitigation controls and IT infrastructure.
• Extensive knowledge and experience in the following – Cyber Security, Cyber incident/threat management, risk management and root cause analysis.
• Obtained or perusing professional certification such as CISSP, CISM, CRISC, CISA, etc.
• Knowledge of banking regulatory environment.
Successful candidates will be capable and confident individuals with strong communication and influencing skills. Individuals must be highly motivated and capable of participating in multiple activities across various disciplines within the Bank.
It is also essential that the candidate has a flexible approach to work, is able to undertake other requirements (within reason), if needed, while ensuring that the core Cyber Risk responsibilities are maintained. A proactive and hands-on approach is essential to demonstrate the value that this role and function can add to our organisation.
A general awareness of Cyber Risk and its constituent disciplines, including relevant industry standards, e.g. NIST Cyber Security Framework, ISO27001, ISO17799, and COBIT, is required. Awareness of operational risk disciplines, key risk indicators relevant to Cyber Risk and a business-focused approach to controls are also necessary.
The Benefits: Our customers deserve the best. The same goes for our employees. That’s why at Barclays you’ll receive a range of benefits that include a competitive salary and all the tools, technology and support you need to succeed.
Our Culture: Everything we do is shaped by the five values of Respect, Integrity, Service, Excellence and Stewardship. The values inform the foundations of our relationships with customers and clients, but they also shape how we measure and reward the performance of our employees. Simply put, success is not just about what you achieve, but about how you achieve it.
Dynamic working gives everyone at Barclays the opportunity to integrate professional and personal lives, if you have a need for flexibility then please discuss this with the hiring manager.
Barclays is an equal opportunity employer and are opposed to discrimination on any grounds.