GFED and Group Controls CISO

Job Description

Purpose of the role 

To provide a primary liaison service between the business, technology, and security functions. In order to ensure the confidentiality, integrity and availability of information, and support the mitigation of security risk.  

Accountabilities 

• Collaboration with stakeholders to understand their security requirements in business processes and IT projects, to enhance overall risk management. 

• Execution of risk assessments to identify and prioritise potential cybersecurity threats that could impact the banks operations and data and guide the implementation of mitigation strategies and communicate findings to relevant findings to relevant senior stakeholders. 

• Collaboration with business units to develop and implement security policies and procedures for the banks operations aligned to the risk management framework. 

• Management of the implementation, testing and monitoring of security controls across the banks IT systems to ensure the effectiveness of controls and mitigation of risk. 

• Execution of training content and sessions to educate employees, enhance cybersecurity awareness and provide guidance on safe online practices. 

• Management of complex cybersecurity incidents by collaborating with IT teams and response experts to effectively resolve cases through analysis, expertise support and project supervision. 

• Identification of emerging cybersecurity trends, threats, and new technologies to address potential risks by advocating the adoption of new security solutions. 

Manager Director Expectations 

• Drive and achieve overall success and / or competitiveness of a business division by influencing senior leaders and committees. 

• Strategically assess and manage risks to protect the business division / function and growth. 

• Influence company policy and develop functional procedures in conjunction with senior leaders / strategic positions across the business. 

• Demonstrate interpretative thinking for innovative solutions in complex situations and conceptual thinking in completely new situations. 

• Exercise management authority to make significant / complex business and strategic decisions that impact the Barclays Group, business division or function. 

• Negotiate with and influence stakeholders at a senior level both internally and externally and foster growth for Barclays business. 

• Mandated as the business division/ functional spokesperson or representative to external bodies and shapes the public image of Barclays. 

• Demonstrate exceptional knowledge of how business divisions and functions integrate with the Group to achieve the overall business objectives alongside industry theories and practices within own discipline. 

• Maintain broad and comprehensive functional expertise and significant product knowledge. 

• Accountable for the control and governance agenda of the business division / function. 

• Focus on the external environment, regulators, or advocacy groups to both monitor and influence on behalf of Barclays. 

Additional Job Description 

• Managing the security agenda for Group Functions, Enterprise Data and Group Controls. This division covers business units across Enterprise Data, Risk, Finance, Treasury, Legal, Compliance, Audit and HR in addition to the Chief Controls Office, Fraud and Financial Crime.
• Understand security items relevant to the business ("business intimacy") and ensure business understands security is a requirement 
• Drive bi-directional interlocks on cyber changes with the business and get agreement on change book of work 
• Coordinate cyber incident handling and crisis management with business Articulate cyber risk posture and developments relevant to Barclays business in the region 
• Provide technical security domain (e.g., AppSec, VM) expertise enabling the business to maintain a robust control posture and ensure operations are within risk tolerance (i.e., hygiene for domain); act as broker between business & Group control/product function 
• Manage CIO security change book of work and align priorities with technology teams to execute on security programs 
• Represent CIO risk position and requirements in control forums and committees 
• Provide business context to scope & execute security assessments (e.g., pen tests) and regulatory testing relevant to business 
• Manage cybersecurity for technology changes ensuring assurance throughout the development lifecycle to resolve security items before production 
• Offer cyber expertise and collaborate with business and technology partners to provide solutions for the business which are secure from the start and follow enterprise patterns 
• Work together with development teams to design applications which are secure-by-design 
• Provide management information on cyber risk and control position, KRIs/KPIs, and cyber incidents 
• Deliver security programs within business to improve overall security posture 
• Manage identification and closure of cyber risks (ORACs) specific to the business/entity/region 
• Manage security supplier risk specific to the business 
• Engagement in business/entity/regional review and approval of policy & standards 
• Contributions to and approval of business unit/entity CERPA, RSCA, etc. 

All Senior Leaders are expected to demonstrate a clear set of leadership behaviours to create an environment for colleagues to thrive and deliver to a consistently excellent standard. The four LEAD behaviours are: L – Listen and be authentic, E – Energise and inspire, A – Align across the enterprise, D – Develop others. 

All colleagues will be expected to demonstrate the Barclays Values of Respect, Integrity, Service, Excellence and Stewardship – our moral compass, helping us do what we believe is right. They will also be expected to demonstrate the Barclays Mindset – to Empower, Challenge and Drive – the operating manual for how we behave.  

.