We're sorry, but this job has now expired.

To search live jobs like this one click here.

 

Information Risk & Privacy Manager

Scotland

Location:
Scotland
Salary (Annual):
Unspecified
Salary Description:
Dependent on experience
Company:
Prudential
Sector:
IT and Internet
Working Pattern:
Full time
Type:
Permanent
Date Posted:
Monday, 28th May 2012
Flexibility Offered:
Yes
Job Ref:
#6053642
Prudential - Information+Risk+%26amp%3B+Privacy+Manager

 

To ensure Information Security, Risk & Privacy is managed appropriately. Provision of specialist support and advice on Information Security Risk Management to managers, project teams and IT delivery teams (including the provision of guidance on conformance with aspects of information processing (e.g. Data Protection Act, Computer Misuse Act). Managing elements of an ongoing programme of monitoring in order to demonstrate appropriate management of risk and compliance with policy.
 
Key Results Area's
  • Deliver a fit for purpose IT Security and Privacy capability to support internal and external customers,  through key IT partners, in particular PGDS and Capita. Ensure that relationships with key suppliers are managed in such a way as to ensure the long and short term delivery of these services, key accountabilities are in place and a positive engagement is maintained.
  • Ensure that technology and processes are kept under regular review so that every effort is made to secure all customer data held by PruUKIO; maintain UKIO Information Risk and Privacy policies in line with Group policies and ensure that these are effectively communicated to all relevant parties; maintain at all times awareness of key IT security risks as they emerge, escalating them to relevant stakeholders with recommendations for their mitigation.
  • Ensure that all IT Security incidents are resolved in line with policies and procedures; ensure that any underlying problems are resolved subject to business case in a timely fashion.
  • Ensure that IT Security & Privacy Risks are agreed, understood and communicated, that appropriate controls and risk mitigation actions are in place, liaise with Prudential Risk and Audit functions as required, and agree and then manage the outcomes of IT audit and risk reviews; reporting failures and concerns to the Senior Management Team for action.
  • Manage the long term health of the business unit by ensuring that colleague engagement is maximised, that appropriate recruitment is undertaken to regularly refresh the team, and that there is an appropriate balance of internal and external staff.
  • Manage all colleagues within the business unit in accordance with HR policies to ensure that they are developed to realise their maximum potential.
  • Actively lead, coach and appraise the performance of team members, resolving performance issues promptly and providing a climate that encourages team members to develop to their full potential
  • Demonstrate a positive risk, compliance and control culture through the identification, assessment, monitoring and management of risks and issues within the business area, and ensure the timely and appropriate resolution of control weaknesses, actions and failures that arise.

Key Performance Indicators

  • IT Security and Privacy controls are documented, delivered and maintained within appetite or risks are consciously documented and accepted.
  • Positive Internal and External Audit outcomes for Information Security and Privacy.
  • IT Security Incidents managed effectively and within BU tolerances.
  • All project and BAU activities delivered successfully.
  • Career Development of supporting staff and Succession Planning in place

Direct Report's

  • Information Risk and Privacy Consultants/Information Risk and Privacy Analysts

Scope & Key Dimensions

  • Headcount: Up to 5-10 people and dependant on project workload.
  • Accountability for the day to day IT Security service supplied by PGDS and Capita. Oversight of key third party delivery (primarily PGDS, Capita and RR Donnelly) for Information Security, Risk & Privacy. Accountable for the initiation, delivery and realisation of benefits in respect of IT Security projects. Costs under management are likely to be in the range of £300K to £10m.

Key Interfaces

  • IT SMT (Senior Management Team), Data Security Committee members, Business Unit Representatives for all Pru UK Business Areas, Risk, Group Security.
  • Key Third Parties (Capita IT, Capita Risk, Security, PGDS SMT (Senior Management Team) and IT Security Team.  RR Donnelly, Zensar).

Knowledge, Skills & Experience

 

Skills
  • Degree level education, preferably in Computer Science or related field, with a strong awareness of current and future technologies.
  • Ability to drive strategic security improvement projects and other enterprise-wide initiatives.
  • Excellent organisational skills and must have the ability to effectively manage multiple teams or initiatives. Is able to effectively delegate and prioritise activities to ensure the wider picture is managed.
  • Excellent leadership skills, able to inspire and energise staff by gaining respect and trust.
  • Advocacy and promotion of a team environment, instilling team spirit.
  • Ability to influence and work effectively in a consultative role with Senior IT and Business Managers.
  • Proven ability to communicate professionally in a corporate environment, and work in cross-functional collaborative teams. Able to create a strong network of contacts both internal and external to support the role and ability to add value in a timely manner.
  • Is equally effective working within a team or as an individual.
  •  
Knowledge
  • Exposure to the financial services sector and related regulations (FSA, Data Protection Act), control frameworks (CObIT, ISF SOGP) and other compliance requirements (SOX, PCI DSS)
  • 5+ years of diverse IT and business industry work experience in an IT Management role.
  • 3+ years experience in an IT Security/Privacy role, operating across large-scale enterprise environments.
  • 3+ years experience working with security technologies such as SSO, IDM, Data Security.

 

Experience
  • Experience with implementation of secure development life cycle models and methodologies, risk analysis and threat modelling, vulnerability reviews and security assessments.
  • Demonstrated experience with use of secure file transfer protocols, database security, web service security, use of technology such as Web Services security, SAML.
  • Working knowledge of infrastructure components and data and database management including securing data at rest via obfuscation / tokenisation / encryption.
  • Experience of developing relationships with technology suppliers and critically assessing IT Security Threats.
 
Back to search >