Organisation: Barclays Bank
Duty Station: Kampala,
Country Uganda
Reports to: Head of Retail Underwriting
About Barclays Africa:
Barclays Africa encompasses Barclays Global Retail Banking, Corporate Banking, and Barclaycard operations in 10 countries organised in four geographic areas: North Africa (Egypt), East and West Africa (Ghana, Tanzania, Uganda and Kenya), Southern Africa (Botswana, Zambia and Zimbabwe), and Indian Ocean (Mauritius and Seychelles).
Job Summary: The Head of Technology Risk Assurance and Governance will be a member of the GRB Information Security and Technical Quality Risk team responsible for implementing the information security programme and providing quality risk management and assurance within Uganda technology.
Key Duties
1. Risk and Controls Management:
Mange the Technology Risk Landscape, by ensuring required Risk Control assessments are completed and Effective controls are being tested for effectiveness on a regular basis and ineffective controls are tracked for closure.
Implement effective security controls into the environment following a risk based approach.
In put into the development of the Global IT Risk methodology which will then be implemented into BBU
Ensure all key stakeholders understand and buy in to the IT Risk Controls Framework .
Ensure technical security solutions are designed and included into key developments
Ensure that security risks in applications and systems are understood and mitigating controls are in place.
Providing technical risk assessment data for local business owners to translate into business risk terms, and on which to base business risk decisions
2. Governance and Audit Assurance:
Regulatory Attestation - Review issues provided by UK Governance, consider and declare additional issues; Provide current state assessments; Manage CIBULS/CIGLS local actions; Provide business unit attestations.
Management Assurance - Assist with defining the scope for controls assurance reviews.
Policy Management - Ensure all appropriate technology staff are aware of the new policy approval process and the policies which directly affect them; Review and advise on any policy non-compliance.
Closure Assurance - Provide an initial review of audit closure evidence and RCA final action closure evidence. Manage and track locally owned Audit actions.
Provide consultancy, advice and guidance on Information Security to both business and technology management.
Liaise with both Internal and external Audit groups on technology risk and control issues
Liaise with external industry and government groups to keep abreast of new security threats and initiatives.
Leverage ideas, solutions, remediation plans and security activities with other country IT Risk management system.
Provide oversight of any local IT Security/ Risk implementations.
3. Global Information Security Strategy and Plan:
Develop a local security strategy to meet business objectives, ensure that:
IT projects are designed and implemented with adequate levels of IT security
Security resources are used effectively and efficiently
Escalation processes are in place both locally and across the cluster to facilitate risk decisions.
Support and input to the centralised GRB International Information Security Programme to ensure that all local country requirements are addressed.
Build and maintain effective relationships between the information security function and local business areas.
Be an integral part of the Global Information Security Team, building relationships and sharing information.
Implement a security awareness program which incorporates the following:
- Mandatory information security training for all staff
- New joiner security induction
- Specific IT security awareness e.g. hacking, phishing incidents, spoofing, virus's etc
- Appropriate awareness tools and material are developed and communicated
4. Compliance with Information Security Standards:
Help to build and implement a set of fit for purpose security standards and procedures.
Ensure standards incorporate any local variants, applicable legislation and regulations where appropriate.
Ensure a local governance process is in place to review and approve deviations to policy or standards and participate in the International Governance Forum.
Provide advice and guidance on policy and standards interpretation to both the business and technology groups.
Implement a metrics program to measure compliance with the Security programme including:
Dispensations to policy and standards
Implementation of technical security standards per platform
Contract reviews and third party assessments and due diligence
Awareness and education participation and reach
Project Security risk indicators
Ensure IT Security functions are implemented in a manner that meets and exceeds compliance with standards
5. Service Continuity Management:
Work with the BBU BCM managers to undertake remedial action to make existing arrangements more affective. (Such as placing BCM with Operation)
Implement a fit for purpose, cross functional, business continuity capability within country utilizing the new Barclays BCM Tool.
Ensure fit for purpose disaster recovery IT infrastructures are established
Co-ordinate and control IT processes with business BCM coordinators
Manage and update the IT BCM tool to ensure upto date systems info is fed into the system and that the tool is maintained upto date.
Ensure an up to date IT asset regime is in place
Complete monthly reports accurately and timorously
Responsible for integrity of business continuity systems, IT methodologies and strategy within country
Managing and implementing the IT technical plan
Responsible for development, implementing and ongoing management of the IT aspects of continuity testing and proving regimes within country
Support to Business Continuity Plan owners with technical direction and support in fulfilling their BCM activities
Provide monthly reporting to the Head of IT on BCM activities and other stakeholders as the need may arise.
Qualifications,
The candidate should possess experience within a financial institutional - preferably retail banking.
Experience in any operational security roles
Information Security Background
A working knowledge of Microsoft Office tools, Windows, UNIX and other platforms and applications
Experience of COBIT, BS7799 or other relevant frameworks
Skills & Experience:
Detailed understanding of the principles, practices, and techniques related to Information Security.
Technical Security background and experience of working on application developments
A good understanding of the issues faced with outsourcing to external vendors and experience of conducting vendor assessments.
Knowledge and understanding of the implications, to Barclays, of the laws and regulations associated with Information Security.
Ability to influence senior management in relation to important security decisions.
Proven leadership, relationship management and communication skills.
Certified Security or Audit Qualification (CISSP, CISM, CISA)
Apply:
If you feel challenged by any of the above positions, and believe you can deliver on key deliverables as outlined above, upload your application letter, current curriculum vitae and photocopies of academic certificate to our recruitment website detail below:
https://barclays.taleo.net/careersection/2/moresearch.ftl?lang=en_GB
Barclays is an equal opportunity employer that recruits, develops and promotes people on merit, and rewards outstanding performance, regardless of background and gender.
For queries contact us on 0417122453 or email: barclays.uganda@barclays.com
Deadline: 26th November, 2013
