Up to £90,000 plus excellent bonus and benefits

HYBRID WORKING AVAILABLE

The Information Security Officer is responsible for safeguarding the digital assets and information systems of the private banking sector within the organization. This role involves developing and implementing robust cybersecurity measures, managing security threats, and ensuring compliance with industry regulations specific to private banking. The Information Security Officer will work closely with various departments to protect client data, prevent cyber threats, and ensure the integrity and confidentiality of sensitive financial information.

Key Responsibilities:

Cybersecurity Strategy & Policy Development:

• Develop and implement cybersecurity strategies, policies, and procedures tailored to the private banking sector.
• Ensure that cybersecurity practices align with the financial industry standards, such as the FCA (Financial Conduct Authority) regulations and PSD2 (Payment Services Directive 2).

Threat Intelligence & Monitoring:

• Monitor the banking systems for security breaches, cyber threats, and vulnerabilities using advanced threat detection tools.
• Analyze threat intelligence and respond to security incidents in real-time to minimize impact
• Stay informed about the latest cyber threats, particularly those targeting the financial sector, and proactively adjust security measures.

Risk Assessment & Management:

• Conduct regular cybersecurity risk assessments specific to private banking operations and client data protection.
• Develop and implement mitigation strategies to address identified risks and vulnerabilities.
• Manage and maintain the cybersecurity risk register, ensuring that risks are documented, assessed, and regularly reviewed.

Compliance & Regulatory Adherence:

• Ensure that the organization complies with relevant cybersecurity regulations and standards, including GDPR, PSD2, and FCA guidelines.
• Oversee internal and external cybersecurity audits, ensuring any compliance gaps are promptly addressed.
• Prepare and submit required compliance reports to regulatory bodies and senior management.

Incident Response & Management:

• Develop, maintain, and regularly test the incident response plan to address cybersecurity breaches effectively.
• Lead the response to cybersecurity incidents, including data breaches, phishing attacks, and other cyber threats.
• Conduct post-incident reviews and implement lessons learned to prevent future occurrences.

Data Protection & Encryption:

• Implement data protection measures, including encryption and access controls, to safeguard client data and financial information.
• Ensure that sensitive information is stored and transmitted securely in compliance with industry standards.
• Manage and monitor access to banking systems, ensuring that only authorized personnel have access to sensitive data.

Security Awareness & Training:

• Develop and deliver cybersecurity training programs to educate employees, particularly in the private banking sector, on best practices and emerging threats.
• Foster a culture of cybersecurity awareness within the organization, emphasizing the importance of protecting client data.

Third-Party & Vendor Security Management:

• Assess and monitor the cybersecurity posture of third-party vendors and service providers in the banking ecosystem.
• Ensure that third-party contracts include stringent cybersecurity requirements and conduct regular security reviews.
• Collaborate with vendors to address any identified security vulnerabilities or risks.

Cybersecurity Technology Management:

• Oversee the implementation and maintenance of cybersecurity technologies, such as firewalls, intrusion detection/prevention systems (IDS/IPS), and multi-factor authentication (MFA).
• Collaborate with the IT department to ensure that banking systems are securely configured and regularly updated.
• Monitor and manage security tools and software to detect and respond to potential threats effectively.

Reporting & Communication:

• Prepare and present cybersecurity reports to senior management, including metrics on security incidents, risks, and compliance status.
• Act as the primary point of contact for cybersecurity-related inquiries and issues within the private banking sector.
• Communicate effectively with stakeholders, including IT, legal, compliance, and external partners, on cybersecurity matters.

Key Qualifications:

• Education: Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field. 

• Certifications: Relevant certifications such as CISSP, CISM, CEH, or equivalent are highly desirable. Specialised financial industry certifications (e.g., CRISC, CISA) are a plus.

• Experience:

  • Minimum of 5 years of experience in cybersecurity, with at least 3 years in the financial services or banking sector.
  • Proven experience in managing cybersecurity in a regulated environment, with a focus on private banking or wealth management.
  • Strong knowledge of cybersecurity frameworks and standards, such as NIST, ISO 27001, and the Cyber Essentials scheme.