Cloud & Data Security SME

Position details

To ensure effective management and control of Cyber Security, IT and information risk for CLIENT EMEA entities by ensuring all appropriate Security, IT and relevant controls are in place, that these controls are being followed and that this is evidenced across the whole business and IT department.

The role will involve liaising with the other Cyber Security and IT functions within the CLIENT EMEA business entities and CLIENT group to ensure a consistent approach to all controls, standards and policies is adopted across the organisation.

To ensure all necessary Cyber Security controls are in place and that an appropriate strategy to protect the firm from all Cyber, external and internal threats is defined and being implemented.

To develop, implement and manage compliance with appropriate IS and Cyber Security policies, standards, procedures.

To support the relationship and associated reporting requirements between Technology and internal and external bodies e.g. auditors, management committees, Tokyo head office, regulators (via Compliance), Operational Risk.

Roles and Responsibilities

In this role, you will be responsible for Cloud & Data Security (as part of Cyber Security) across CLIENT's banking arm and securities business under a dual-hat arrangement. Under this arrangement, you will act and make decisions on behalf of both the bank and the securities business, subject to the same remit and level of authority, and irrespective of the entity which employs you.

Ensure NIST, ISO27002 and CIS aligned risk controls are covered, including but not limited to Cyber

Security Policies & Standards.

Ensure CLIENT EMEA operates under comprehensive and relevant Cyber Security policies and standards with appropriate staff awareness, compliance monitoring and reporting.

Monitor and proactively manage Cloud Security toolsets e.g CSPM

Hands on experience in managing and overseeing cloud security solutions across multi-cloud environments like Azure, OCI, GCP or AWS.

Manage and oversee container security controls for containerised workloads

Review and assess enterprise cloud architectures for security gaps and recommend mitigations.

Monitor, investigate, and track cloud security alerts using integrated ticketing workflows in ServiceNow.

Develop, improve and enforce cloud security standards, policies, and procedures.

Conduct Cyber Security reviews for existing and new, on-prem, cloud and 3rd party systems, solutions, firewall rules, architecture, network designs to ensure these are consistent with CLIENT's risk appetite, policy & standard requirements.

Technical knowledge in Data Protection technology (DLP, Data Access Governance)

Administration of the DLP tools which includes configuring policies, upgrading, and patching

Be seen as the Cloud Security (as part of Cyber Security) centre of excellence for CLIENT EMEA and ensure CLIENT adopts an appropriate and professional response on any Cyber Security issues raised by the organisation's business activities.

Liaise and collaborate with IT teams to ensure Cyber Security alerts, threats and vulnerabilities across the IT estate are highlighted, managed and mitigated within appropriate timescales.

Liaise with Technology and Business teams as necessary to ensure all CLIENT systems meet security

standards and/or agree appropriate measures to mitigate the risk where they don't.

Maintain an up to date, working knowledge of current laws, regulations and best practices relating to Cyber Security.

Support Operational Risk management & Operational Security duties where requested.

Support CLIENT EMEA Cyber Security risk profile and associated operational risk reporting.

Support Audit & Regulatory liaison and ensure consistent and timely answers to information requests.

Support any issues and remedial actions resulting from Cyber Security incidents and audits within agreed timelines.

Essential:

Degree or equivalent in IT related discipline with some programming knowledge or understanding.

Strong Cloud, Information or Cyber Security background with over 8 years of experience.

Strong ability to implement security solutions that enable business and the ability to work with vendors.

Strong knowledge of cyber security frameworks, standards, and regulations such as ISO27001, NIST, CIS, GDPR, etc.

Strong ability to analyse and distil complex issues and present succinct updates to management.

Active involvement in internal and external audits and experience of managing Audit relationships.

Relevant professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Cloud Security Professional (CCSP), Azure Security Engineer Associate, Microsoft Cybersecurity Architect, AWS Certified Security - Specialty or Certified Ethical Hacker (CEH) are preferred, as is exposure to GRC frameworks including (but not limited to) ISO27001; NIST, CIS benchmarks & Cyber Essentials / Plus.

Excellent communication and interpersonal skills

A structured, logical and proactive approach to work

Results driven, with a strong sense of accountability

Configuration of data security tools which includes configuring policies, response rules & notifications

Monitor and Analyse alerts.

The ability to operate with urgency and prioritise work accordingly

A calm approach, with the ability to perform well in a pressurised environment

Strong decision-making skills and the ability to demonstrate sound judgement

Comfortable in taking ownership of workstreams and seeing them through to completion

Self-awareness and confidence to challenge business requirements and deliver difficult messages

Commitment to continuous learning and improvement in the rapidly evolving field of Cyber Security