Information Security Framework Manager

2 days ago


London, United Kingdom Lorien Full time

**Role specific**
This role works strategically across UKT and the Bank to lead the embedding and maintenance of the Information Security framework ('ISMS'). This is a senior role within our Information Security Privacy, Policy and Awareness Team with accountability for the design, implementation and continual improvement of the ISMS and its underpinning processes. The role has a direct report. The main purpose of the Information Security Framework Manager role is to:

- Responsible for the embedding and continual improvement of the ISMS, ensuring its effective design and operation in the Bank;
- Maintaining oversight of ISMS effectiveness in line with Framework Owner responsibilities in the Bank's Risk Management Framework and monitoring business performance against information security controls, including maintaining effective framework performance metrics (KCIs), coordinating and presenting effective risk scorecards and quarterly management reports at the Data Governance Committee, to ensure and support the Committee's oversight of the ISMS and influence decision making on areas requiring focus or improvement;
- Influencing business priorities and control owner plans for information security improvements and risk mitigation;
- Influencing across the Bank, including senior management, to ensure clear ownership and accountability for information security controls
- Ensure the clear design and articulation of information security controls which align to the Bank's legal, regulatory and business needs
- Influencing the effective integration and ongoing alignment of the information security framework with the Bank's Risk Management Framework and operational risk processes
- Responsible for creating and maintaining the Information Security policy, ISMS, Control Standards and instructions, and for the effective planning, prioritisation and delivery of their review cycles to ensure the framework is kept up to date, aligns to UK legal, regulatory and good practice requirements and the Bank's global minimum standard for information security;
- Manage the planning and delivery of the team's Information Security Framework business plan, including effectively leading and developing team members, managing any changes, new demands, requirements, or issues and providing regular status/delivery performance reports to management as required;
- Provide specialist information security policy advice, support and challenge to stakeholders across the Bank, and represent the Information Security team with Business stakeholders as a trusted advisor, finding cost-effective security solutions that efficiently support customer needs;
- Support the continued development of specialist information security technical knowledge within the UK Information Security team;
- Act as lead Duty Incident Manager on a shared rota basis to manage information security and personal data breaches in accordance with defined incident management processes, ensuring impacts and risks are appropriately identified, assessed and mitigated;
- Deputise for elements of the reporting manager's role (Privacy, Policy & Awareness Manager) as required, on an ad-hoc basis, to cover absences, periods of increased workload, etc.

**Key Skills**:

- solid experience embedding, managing and operating an information security framework / ISMS
- able to influence decision making to surface and mitigate issues and risks across a wide range of stakeholders, up to and including senior management / executive
- lead, manage and develop other colleagues, including wellbeing and performance of a team;
- prioritise and deliver competing priorities and manage stakeholders effectively
- own and/or oversee the delivery of key processes and/or improvement projects
- take responsibility and act autonomously;
- plan, organise and prioritise tasks and projects;
- have the ability to solve problems creatively and effectively;
- be a strong team player;
- be able to interact proactively and confidently with all areas of business, including senior management
- have excellent interpersonal and communication skills in both written and spoken English;
- ability to successfully communicate complex data protection requirements to non-technical stakeholders
- pragmatic, and effectively balances risk and control requirements with commercial drivers and customer outcomes
- positive, collaborative and builds and maintains effective cross functional relationships

Carbon60, Lorien & SRG - The Impellam Group STEM Portfolio are acting as an Employment Business in relation to this vacancy.


