Chief Information Security Officer


Dublin | Ireland

Job Purpose:

Reporting to the BoI Chief Operating Officer, the Chief Information Security Officer (CISO) will be responsible for development and execution of the Group's Information Security strategy, strengthening the Bank's information security operating model to be best in class and assessing and advising on information security risk across the Group.

This is a Group role with authority and oversight that requires higher level stakeholder management capabilities to ensure cross Group commitment, involvement and support that ensures clarity of accountabilities on this key agenda. As such, the role involves direct interaction with key internal and external stakeholders, including Group Executive Committee members, the Group's Board, relevant Group committees and relevant regulators.

This is a Control Function role within the remit of the Central Bank of Ireland's Fitness and Probity regime.

Principal Accountabilities:

  • Designing, implementing and maintaining the information security operating model.
  • Ensuring that information security is considered at all stages of the conception, planning and implementation (IT change will be managed by Group Technology & Change) across all programmes.
  • Providing the Chief Operating Officer (COO) and Group Executive Committee (GEC) with transparency on information security risk exposure and remediation options.
  • Communicating information security risk to the GEC via formal risk management framework (in consultation with the COO).
  • Managing information security in line with regulatory and policy requirements (e.g. CBI, ECB, PRA/FCA requirements).
  • Providing business-focused, practical direction for security in the Bank, including balancing security needs against strategic business plans.
  • Managing the Bank's information security budget and articulating the benefits and return on investment for the Bank.
  • Assessing, reporting and advising on the information security threat landscape.
  • Developing Bank requirements to strengthen the first line of defence (e.g. implementation of Information Security Officers into business units).
  • Supporting the implementation of information security controls.
  • Promoting the security culture and driving user training and awareness.
  • Periodically reviewing the Bank's policies, standards and guidelines (drafted by second line) to ensure that information security requirements are captured and appropriately represented in documentation. It is proposed that all policies are reviewed when the Group's information security risk appetite has been established.
  • Setting the security requirements for third parties where they have access to Bank information assets (e.g. identifying which third parties are high risk, ensuring the continuous risk monitoring process is completed and that third parties are generating and communicating appropriate types of MI at an appropriate level of detail and at an appropriate frequency).
  • Providing requirements, ensuring delivery, providing subject matter expertise, managing alerts and events, and monitoring effectiveness of security capabilities.
  • In line with the CISO's overall responsibility for information security risk management, the CISO also should have responsibility for the Risk Control Self Assessment (RCSA) process with respect to information security (although the implementation of the RCSA process will be overseen by second line).
  • Leading, motivating and developing an Information Security
  • Formulating and executing the strategy to deliver our ambition to be a truly customer-centric organisation by 2020.

Key Capabilities Required:

  • A leader with strong influencing and negotiating skills, with the presence, intellect and knowledge to establish rapport and credibility at all levels of the business.
  • Independent and decisive with willingness to challenge, and tenacity and resilience to ensure divisional accountabilities within a Group model and approach.
  • Proactive operating style with ability to identify issues - and potential solutions - before they impact on the business.
  • Very sound judgement and commercial acumen with high level of personal and professional integrity.
  • Highly resilient and organised.
  • Proven ability to operate in a business environment with dual and matrix reporting lines and delivery through virtual teams.
  • Experience / knowledge of current and emerging information security trends.
  • A highly experienced leader of teams, capable of developing individuals' careers, skills and behaviours whilst fostering excellent team spirit.

Closing date: May 20, 2019