Cyber Security Risk Oversight Manager

Job details
Posting date: 02 July 2024
Hours: Full time
Closing date: 01 August 2024
Location: Edinburgh, EH12 1HQ
Company: NatWest Group
Job type: Permanent
Job reference: R-00236492

Summary

Join us as a Cyber Security Risk Oversight Manager

  • This key role will see you providing oversight and challenge to the first line of defence on material cyber risks for new initiatives and existing solutions
  • We'll look to you to provide technical expertise and challenge on how cyber security projects are managed, while supporting the business areas managing cyber risk actions and mitigating controls
  • You'll have a real opportunity to add value and deliver lasting results in this role, as you understand the impact on risk appetite and provide challenge to drive improvements to the cyber security profile of the bank

What you'll do

As a Cyber Security Risk Oversight Manager, you’ll be overseeing the cyber security risk across each business to make sure it’s understood, measured and within appetite. This includes opportunities to support with improving communication, as well as the training and awareness of cyber security across the three lines of defence model, including conducting suitable assurance.

Alongside this, you’ll partner with the first line of defence to provide strategic direction and oversight on the adequacy of their operational risk mitigation strategies, frameworks and plans specific to technology and cyber security, and attend the respective committees and governance fora.

You'll also be:

  • Providing a credible, second line of defence challenge to business senior management, business teams and policy standard owners on the effective management of operational risks
  • Detecting inadequate or ineffective controls to mitigate cyber risk to the desired level and challenging the appropriateness of risk appetite
  • Gathering intelligence and building actionable insights, using internal and external sources, and validating the identification and assessment of operational risk, highlighting any material risks overlooked
  • Undertaking regular business reviews of material risks and of adherence across all operational risk, and using the output to inform debate and action with business executives and senior management
  • Providing expertise to business management and policy standard owners on the identification, assessment and control of operational risk
  • Driving focus and action on building a strong level of resilience into critical processes in the bank through influence and challenge at senior levels

The skills you'll need

We're looking for someone with significant cyber security experience, paired with the ability to challenge senior management positions, and a strong track record of delivery across multiple businesses, involving complex stakeholder, process and technology issues.

Along with this, you’ll have knowledge of the regulatory environment pertaining to large, complex financial service organisations and the ability to maintain industry risk management leadership with high levels of awareness of front line processes, including hands-on practical experience.

You'll also need:

  • A recognised qualification in cyber such as CISSP or CISM, and experience in cyber security management, including oversight challenge
  • A strong understanding of managing and measuring cyber risks relevant to key business activities undertaken in a financial services organisation
  • Technical expertise and an in-depth understanding of the risks arising from the deployment and use of Cloud and associated platforms
  • In-depth knowledge of risks, threats, and vulnerabilities, as well as industry security standards and policy
  • The ability to consistently exercise sound and decisive judgement
  • Strong communication and organisational skills
