Barclays Bank Career Jobs – Head of Technology Risk Assurance and Governance

Organisation: Barclays Bank
Duty Station:  Kampala, Uganda
Reports to: Head of Retail Underwriting
About Barclays Africa:
Barclays Africa encompasses Barclays Global Retail Banking, Corporate Banking, and Barclaycard operations in 10 countries organised in four geographic areas: North Africa (Egypt), East and West Africa (Ghana, Tanzania, Uganda and Kenya), Southern Africa (Botswana, Zambia and Zimbabwe), and Indian Ocean (Mauritius and Seychelles).
Barclays Africa serves its 2.8m customers through a network of 573 branches and service centres providing a variety of traditional financial products including retail mortgages, current and deposit accounts, commercial lending, unsecured lending, credit cards, treasury and investments.
Job Summary: The Head of Technology Risk Assurance and Governance will be a member of the GRB Information Security and Technical Quality Risk team responsible for implementing the information security programme and providing quality risk management and assurance within Uganda technology.
Key Duties & Responsibilities:
1. Risk and Controls Management:
  • Manage the Technology Risk Landscape by ensuring that required Risk
    Control assessments are completed, that effective controls are tested
    for effectiveness on a regular basis, and that ineffective controls are
    tracked for closure.
  • Implement effective security controls into the environment
    following a risk based approach.
  • Input into the development of the Global IT Risk
    methodology, which will then be implemented into BBU.
  • Ensure all key stakeholders understand and buy in to the IT Risk
    Controls Framework.
  • Ensure technical security solutions are designed and included into
    key developments
  • Ensure that security risks in applications and systems are
    understood and mitigating controls are in place.
  • Providing technical risk assessment data for local business owners
    to translate into business risk terms, and on which to base business risk
    decisions
2. Governance and Audit Assurance:
  • Regulatory Attestation – Review issues provided by UK Governance,
    consider and declare additional issues; Provide current state assessments;
    Manage CIBULS/CIGLS local actions; Provide business unit attestations.
  • Management Assurance – Assist with defining the scope for controls
    assurance reviews.
  • Policy Management – Ensure all appropriate technology staff are
    aware of the new policy approval process and the policies which directly
    affect them; Review and advise on any policy non-compliance.
  • Closure Assurance – Provide an initial review of audit closure
    evidence and RCA final action closure evidence.  Manage and track
    locally owned Audit actions.
  • Provide consultancy, advice and guidance on Information Security
    to both business and technology management.
  • Liaise with both internal and external Audit groups on
    technology risk and control issues.
  • Liaise with external industry and government groups to keep
    abreast of new security threats and initiatives.
  • Leverage ideas, solutions, remediation plans and security
    activities with other country IT Risk management system.
  • Provide oversight of any local IT Security/ Risk implementations.
3. Global Information Security Strategy and Plan:
  • Develop a local security strategy to meet business objectives,
    ensure that:
      – IT projects are designed and implemented with adequate levels of
        IT security
      – Security resources are used effectively and efficiently
      – Escalation processes are in place both locally and across the
        cluster to facilitate risk decisions.
  • Support and input to the centralised GRB International Information
    Security Programme to ensure that all local country requirements are
    addressed.
  • Build and maintain effective relationships between the information
    security function and local business areas.
  • Be an integral part of the Global Information Security Team,
    building relationships and sharing information.
  • Implement a security awareness program which incorporates the
    following:
      – Mandatory information security training for all staff
      – New joiner security induction
      – Specific IT security awareness, e.g. hacking, phishing incidents,
        spoofing, viruses, etc.
      – Appropriate awareness tools and material are developed and communicated
4. Compliance with Information Security Standards:
  • Help to build and implement a set of fit for purpose security
    standards and procedures.
  • Ensure standards incorporate any local variants, applicable
    legislation and regulations where appropriate.
  • Ensure a local governance process is in place to review and
    approve deviations to policy or standards and participate in the
    International Governance Forum.
  • Provide advice and guidance on policy and standards interpretation
    to both the business and technology groups.
  • Implement a metrics program to measure compliance with the
    Security programme including:
      – Dispensations to policy and standards
      – Implementation of technical security standards per platform
      – Contract reviews and third party assessments and due diligence
      – Awareness and education participation and reach
      – Project Security risk indicators
  • Ensure IT Security functions are implemented in a manner that
    meets and exceeds compliance with standards
5. Service Continuity Management:
  • Work with the BBU BCM managers to undertake remedial action to
    make existing arrangements more effective (such as placing BCM with
    Operation).
  • Implement a fit for purpose, cross functional, business continuity
    capability within country utilizing the new Barclays BCM Tool.
  • Ensure fit for purpose disaster recovery IT infrastructures are
    established
  • Co-ordinate and control IT processes with business BCM
    coordinators
  • Manage and update the IT BCM tool to ensure up-to-date systems info
    is fed into the system and that the tool is kept up to date.
  • Ensure an up to date IT asset regime is in place
  • Complete monthly reports accurately and timeously
  • Responsible for integrity of business continuity systems, IT
    methodologies and strategy within country
  • Managing and implementing the IT technical plan
  • Responsible for development, implementing and ongoing management
    of the IT aspects of continuity testing and proving regimes within country
  • Support to Business Continuity Plan owners with technical
    direction and support in fulfilling their BCM activities
  • Provide monthly reporting to the Head of IT on BCM activities and
    other stakeholders as the need may arise. 
Qualifications, Skills & Experience:
  • The candidate should possess experience within a financial
    institution – preferably retail banking.
  • Experience in any operational security roles
  • Information Security Background
  • A working knowledge of Microsoft Office tools, Windows, UNIX and
    other platforms and applications
  • Experience of COBIT, BS7799 or other relevant frameworks
  • Detailed understanding of the principles, practices, and techniques
    related to Information Security.
  • Technical Security background and experience of working on
    application developments
  • A good understanding of the issues faced with outsourcing to
    external vendors and experience of conducting vendor assessments.
  • Knowledge and understanding of the implications, to Barclays, of the
    laws and regulations associated with Information Security.
  • Ability to influence senior management in relation to important
    security decisions.
  • Proven leadership, relationship management and communication skills.
  • Certified Security or Audit Qualification (CISSP, CISM, CISA)
How to Apply:
If you feel challenged by any of the above positions, and believe you can deliver on key deliverables as outlined above, upload your application letter, current curriculum vitae and photocopies of academic certificate to our recruitment website detail below:
Barclays is an equal opportunity employer that recruits, develops and promotes people on merit, and rewards outstanding performance, regardless of background and gender.
For queries contact us on 0417122453 or email: barclays.uganda@barclays.com
Deadline: 26th November, 2013