Overall Job Purpose:

Barclays Global Retail Bank (GRB) operates in geographies across the world and is fast becoming established as one of the world’s truly global retail banking operations with an employee base of over 100,000, growing rapidly.

Key accountabilities of this job holder will be:

Lead and own the design and delivery of security solutions and services into the International clients. Work within virtual teams of security and technical specialists to ensure quality delivery of world class security solutions into the business. Lead Risk Assessment exercises designed to highlight and clearly articulate IT Security risk to the business in terms they understand. Drive and lead where appropriate a variety of IT Security activities and other related activities which together aid in ensuring that the organisation’s assets and IT systems are appropriately protected against unauthorised activities including deliberate or accidental loss.Key Accountabilities:

Lead the Design and Delivery of Security Solutions: Provide detailed specifications for IT security solutions and support the development of security testing plans. Work with the business and project team(s) to ensure residual risks are adequately mitigated to the degree that meets the risk appetite of the business.

Work within virtual teams of the specialists and Business Information Risk Managers to translate high-level business/functional requirements into robust IT security solutions and supporting business cases (particularly in support of strategic change programmes), negotiating pragmatic control implementations in line with business priorities, cost and risk appetite.

Risk Assessments

Undertake and facilitate risk and vulnerability assessments/workshops covering the more complex design solutions during various development phases to ensure technical vulnerabilities are identified and correctly managed, proposing solutions as required. Lead the project/programme managers in accurately assessing the likelihood and impact of technical vulnerabilities. Production and management of technical risk and vulnerability reports as per approved standards and processes.

Relationship Management:

Build an effective network of relationships with senior Barclays technology partners globally to ensure trust and credibility of team is developed. Ensure there exists a level of awareness of strategic IT security issues within the International business, if necessary escalating to Business leaders and the Head of International Security Business Engagement to ensure these are brought to a satisfactory conclusion. Maintain an effective network of relationships with senior individuals in service and technology providers to ensure Barclays maintains a leading capability.

Leadership:

Encourage and solicit innovative ideas; Leading by example inspire commitment, and a positive attitude from the team.

Due Diligence Activities:

Work as key part of a due diligence team in relation to 3rd party’s and partner organisations, including the identification of security controls and assessing their effectiveness. Produce due diligence reports to be used in the creation of action plans to guide any remedial actions needed. Assist in ensuring all security related remedial actions are carried out in a timely manner. Contribute to the negotiation phases of contract development with 3rd parties in relation to identifying and agreeing security requirements.

General Advice & Guidance:

To provide technical advice and guidance on IT security related queries to both project and “BAU run” areas as and when required.

Security Incidents: - Supporting security incidents/investigation as required.

Reporting: -
Provide regular MI to senior management throughout the regular reporting cycles.

Education and Experience Required:

B-degree in Information Security or equivalent 6 to 8 years (Technical/Managerial) experience in technology

Technical Knowledge:

Demonstrate ability to define explicit security deliverables to the project during early engagement. Ability to define security requirements commensurate with the overall risk the project. Experience of leading the design of security solutions from the ground up and owning the delivery of security solutions within complex international projects and delivery programmes. Excellent understanding of security strategies and technologies including secure network design, e-Channels, remote computing, desktop and server hardening, secure web services, Compliance Auditing, Secure Software Development Lifecycles, Software Auditing, Penetration Testing, Security Monitoring, Access Controls (identification, authentication and authorization) and Encryption. Strong knowledge of information security frameworks and standards such as ISO17799/27001 and their application into diverse environments. Strong understanding of the security mechanisms associated with Windows or Unix operating systems, switched networks, web based applications and databases.

Demonstrated ability to solve complex technical problems. Extensive experience creating innovative solutions and responding to information security incidents a strong plus. Able to explain security functionality from first principles. Competent to discuss the underlying technology with product developers. Understands core development methodologies and their associated technologies. Can describe major phases, activities, checkpoints and deliverables of the application development lifecycle. Understands the security controls/processes required to implement a robust secure application and can clearly articulate the risk associated with the failure of those controls/processes. Has detailed knowledge of the purpose of - and approaches to - security testing. Strong, demonstrable experience of owning and driving closure of risks. Experience in quantifying IT Security Risk and translating that into language that the business can understand.

Supplier & Product Evaluation:

Understand, from an IT security perspective, the supplier assessment process used in order to ensure that a suppliers capability to support services to an agreed level/standard is accurately assessed and reported. Understand, from an IT Security perspective, product evaluation activities to ensure products are fit for purpose and comply with minimum security requirements.

Security Management:

Contribute to formulation of policies and best practices for security management. Can consult on policy guidance, interpretation and enforcement mechanisms. Knowledgeable of the full spectrum of application control techniques. Can describe all key IT security functions, major roles, responsibilities and their inter-dependencies. Has contributed to the creation of technology-related security best practices and processes. Evaluates enterprise-wide impacts and makes recommendations for the company Can relate new technology potential for gaining a competitive advantage in business. Understands security operations from a people, process and technology perspective. Understands the role and importance of robust governance models. Understands routine IT security monitoring and administration tools. Understands performance measurements for IT security. Understands major internal support functions and services.
Monitors marketplace trends and experiences on security, audit and control issues Knowledgeable of the full spectrum of application control techniques

Control:

Knows what should be communicated, when and to whom. Experienced at implementing or managing risk management processes and tools. Actively seeks ways to understand, mitigate or reduce risks. Has a wide network within and outside the organisation. Shows integrity while addressing challenging situations.

Internal & External IT environment:

Can evaluate enterprise-wide impacts and make strong recommendations for the company. Can relate new technology potential for gaining a competitive advantage in business. Has proven experience in security architectural considerations for cross-functional, cross-platform applications. Follows the progress of new security technologies, surfacing those with business potential. Has played a lead role in implementation of new security technologies. Experienced in working with technical and security specialists and the appropriate Business Teams to drive out superior performance in developing and delivering world class IT security solutions, and achieve high levels of satisfaction as a result.

Business Knowledge:

Good awareness and understanding of the Barclay’s business unit responsibilities and structure. Ability to identify specific information security technical build guides and best practice deficiencies within the global organization and develop and drive cross-functional correction strategies.

Functional Analysis (Business):

Can describe deliverables associated with the requirements analysis and definition Able to identify security requirements for business applications and data Experience in evaluating the design effectiveness of IT security controls

Service Support:

Appreciation of risk mitigation by both technical and non-technical measures. Understands the importance of effective technical documentation in identifying and managing IT security risks.

Product & Vendor Evaluation:

Experience with security assessment processes and methodologies Experienced with developing a comparative analysis of all security products or vendors under consideration Stays informed on security vendors, specific product histories, trends and directions

IT Architecture and Design:

Familiar with integration and implementation issues and their architectural implications. Active in defining architectural principles, design patterns and standards for IT security. Can discuss issues and considerations for IT security architecture. Can discuss major issues, interfaces, considerations and potential pitfalls (risks) in implementing IT security solutions. Knowledgeable about existing best practices for integration of security controls. Has prepared technical security reviews. Explored and evaluated security considerations for multiple technologies.

Delivery:

Can describe alternative problem-solving approaches and their optimal uses. Has been able to maintain a dialogue in difficult situations. Can identify customer satisfaction gaps through regular communication. Superior communication skills and ability to interface with both technology and senior management. Ability to work concisely when under pressure or with extremely tight timescales. Freely shares information and experiences and seeks knowledge from others Effective at working with unstructured teams, situations and environments Adept at influencing others even when position is not initially shared by others (e.g. is able to bring evidence to convince others) Challenges way of operating with a focus on pragmatism Demonstrates initiative and competence. Supports and encourages positive working behaviours in others. Able to shift well from task to task. Understands different project methodologies, project lifecycles, major phases, dependencies and milestones within a project. Knows the objectives, initiatives and issues of HR and finance departments, and the relevant regulatory agencies and regulations. Demonstrate ability to work as an integral member of the project/programme team(s) to ensure proper deployment of IT security solutions.

International:

Clearly demonstrate a solid track record of working in a complex International environment. Experience of working in a multi-cultural environment. Strong Experience working in a diverse, challenging and multi-cultural environment. Works effectively with people across a wide range of disciplines, cultures and levels (both internal and outside resources)

Language Skills:
Strong Written and Verbal: - English

Competencies:

Deciding and initiating action
Learning and researching
Entrepreneurial and commercial thinking
Relating and networking
Adapting and responding to change
Persuading and influencing
Creating and innovating