Information Risk Manager

Primary Location: SC-Mahe

Job Type: Permanent

Posting Range: 23/01/2012 - Ongoing

Description

Job Purpose

The job holder will be responsible for implementing the information risk programme in country. The primary function of the role is to ensure information is protected effectively and consistently with its criticality, and that Audit, Regulatory and Governance requirements are realised globally.
Key Accountabilities
Information Risk Management Organisation and Relationships
  • Operate as a direct report to the Country COO and working closely with HR, BCM and GRCB Technology.
  • Build and maintain effective relationships between the Information Risk function and local business areas.
  • Continuously develop IRM capability in line with needs and expectations.
  • Find and share best practice.
  • Identify and assess key IRM risks and issues of significance.
  • Promote Barclays as a secure organisation to do business with, embedding Information Risk Management into the local culture.
  • Be a custodian of Information Management in your locality.
Policy, Audit & Regulatory translation
  • Understand and enable group policy whilst ensuring local requirements are catered for.
  • Monitor compliance of policy and standards and drive the closure of gaps.
  • Communicate risk based policies and minimum standards and approve exceptions.
  • Use risk management principles to safeguard Data Privacy, and the confidentiality, integrity and availability of information in accordance with the bank's operating model and risk appetite.
Project Engagement
  • Influence (but not run) new projects and provide steering to fix crucial IRM issues.
  • Ensure that new projects follow the GRCB Risk Framework.
  • Apply consistent security risk indicators to all projects and identify those with high risk.
Risk Assessment
  • Provide the tools and information to create a threat profile.
  • Use risk scorecards and provide consistent assessment to determine business purpose of applications, what the application does and how it will do it (logical flow).
  • Understand the user community and user environment for the application.
  • Identify data elements relating to regulatory, availability, integrity and continuity requirements.
Third Party Management
Risk Baselining and Maturity Modelling
  • Supply and own Key Risk Indicators and minimum baseline reporting to provide consistent metrics.
  • Once established, create and maintain a maturity model and skills matrix for your country.
  • Provide regular maturity testing updates and report to management.
Logical Access Management
  • Assist the Logical Access Administration Team with identifying appropriate mandates / role profiles for employees, contractors and vendors.
  • Establish a process that maintains roles through movements of individuals (joiners/movers/leavers).
  • Assist with monitoring adherence and violation of mandates.
  • Identify in-scope applications that do not meet SOX requirements.

Awareness Training and User Education

  • Provide and implement a mandatory Awareness Training programme that will promote and embed a risk and security awareness culture within the business.
  • Work with local HR teams to ensure New Joiners induction training includes Information Risk awareness.

Qualifications

Technical Skills / Competencies
Preferred
  • Detailed understanding of the principles, practices, and techniques related to Information Risk Management.
  • Technical Security background and experience of working on application developments.
  • A good understanding of the issues faced with outsourcing to external vendors and experience of conducting vendor assessments.
  • Knowledge and understanding of the implications, to Barclays, of the laws and regulations associated with Information Risk.
  • Ability to influence senior management in relation to important Risk decisions.
  • Proven leadership, relationship management and communication skills.
  • Certified Security or Audit qualification (CISSP, CISA, CISM, etc.).
Essential
  • Experience within a financial institution, preferably retail banking.
  • Experience in any operational security role.
Experience, Qualifications
  • Information Security Management or IT Systems Auditor background.
  • Experience of COBIT, ISO27001, ISF or other relevant frameworks.
  • A working knowledge of Microsoft Office tools, Windows, UNIX and other platforms and applications.