Data Security Project Business Analyst – Financial Services - London
A Data Security Project Business Analyst is required to join the newly created CIB Data & Information Security Team.
The role will focus on identifying requirements related to the new Data Security model and coordinating their implementation. More specifically, the Project Manager will gather and formalize business requirements for tools and projects aimed at delivering measures to guarantee the integrity, availability, confidentiality or traceability of sensitive information. These requirements will be materialized in projects executed by various other teams such as application production support, production security, development teams or other CIB Security teams.
Data and Information have been put at the heart of the new Cyber Security Model. This is an exciting opportunity to work with interesting new security challenges in an environment with many different teams, platforms and applications.
The role encompasses a number of activities & responsibilities:
- To promote and support application security requirements on confidentiality, integrity, availability and proof in other IT initiatives
- To provide expertise on data security requirements and establish short- and long-term strategies to achieve them. This should be based on the overall blueprint set by Group guidelines and CIB's own information security maturity model and guidelines.
- To organise and manage proofs of concept and technological studies.
- To drive, track, and assist in the implementation of the chosen measures and technologies.
- To strengthen the existing application security and production security teams' setup for proofs of concept, notably on encryption, signature and data leak prevention.
- To provide guidance to GDPR program management on how to achieve the set goals.
- To monitor the effective availability of the chosen technology and measures, and ensure their effectiveness and efficiency to reach the stated goals.
- To maintain a register of security measures; ensure alignment with group standards and coordination / information sharing with other entities.
- Excellent understanding of ISO IT Security best practices and frameworks, such as ISO 27001
- Strong technical skills required to understand security best practices and technologies in detail and how to use them in the most effective manner to achieve high standards of security risk protection and mitigation
- Good understanding of IT best practices, from development to production and security
- Well-developed written communication skills with the ability to summarise key issues, conclusions and recommendations. Target audiences will include regulatory authorities, internal/external auditors and senior business stakeholders
- CISM, CISSP or equivalent certification
- Strong project management skills – rigour, organisation and negotiation skills
- The candidate will be a forward-thinking individual with the ability to look beyond immediate problems and issues, but with a solid practical delivery focus.
- Highly skilled and able to demonstrate value to the security and risk communities at a practical level, working alongside analysts, security, application and business staff on a collaborative basis
- The ability to manage independent responsibilities and projects while working closely with the security, IT and business communities; the candidate must be well organised, self-motivating and a good communicator
- Approachable and willing to share their expertise and experience in order to assist the development of teams and individuals
- Certification in project management (PRINCE2 or equivalent)
- Experience of large-scale developments (>5M)
- Experience of specific security products and technologies: RSA Archer, MS SharePoint Portals, Atlassian JIRA