You will have had 2nd line of defence responsibility for a range of critical activities necessary to strengthen and maintain the data, information security, data protection and cyber control environment throughout the Bank.

Liaising with all levels of seniority, this role includes extensive interaction with all parts of the Bank's operations and support functions

• Location: The City
• Salary: £90K - £110K
• Hybrid working: 4 days office based with 1 day working from home.

Main Responsibilities & Accountabilities:

• Perform a current-state analysis to:
  • Assess the Bank's existing information security (IS) control environment
  • Identify the current controls aligned to these risks and highlight potential control gaps;
  • Develop a strategy for enhancement to manage those risks in line with the Bank's agreed risk appetite;.

• Design and maintain a governance framework to capture strong cyber resilience, information security, data security and data protection;

• Provide Bank-wide supervisory oversight, management reporting, and policy for the existing IS, data, and cyber control framework;

• Support delivery of activities identified in the annual Compliance Monitoring Plan.

• Undertake ongoing monitoring of key data and IS risks. Develop and deliver staff and stakeholder training on data protection/privacy regulatory requirements and cyber security, enhance management reporting information (KRI/KPIs). Build a profile of the Bank's cyber threats and associated controls and provide Management with recommendations to enhance key cyber controls;

• Fulfill the Deputy Data Protection Officer role in line with the requirements of current and incoming Data Protection Regulations (GDPR).

• Provide advice and ongoing oversight on Operational Resilience aligning the Bank's practices with regulator expectations

Skills/Experience required:

• A minimum of 5 years' experience in a senior role in a European financial services organization with responsibility for Data Protection, Data Governance, and/or Information Security.

• Data/Cyber/Operational Resilience experience from a Compliance perspective. You will have worked in a Compliance department :2nd/3rd line of defence/ a Regulator; or a Big 4 /advisory firm.

• Experience of compiling Compliance reviews

• Working knowledge of current and changing cyber threats and mitigating control strategies with demonstrable experience of working with or advising on a cyber control activity or change project.

• Practical understanding of key aspects of UK data and information protection regulations (GDPR) and best practices.

• Excellent communication skills are critical to ensure risk and control understanding is embedded throughout the business.