CIB Operational Resilience Support IT

Job Description

Company Description For more than 15 years, Talan has been advising companies and administrations, supporting them and implementing their transformation projects in France and abroad. With a presence on four continents, the group anticipates revenue of €350 million in 2020, for a headcount of more than 3,500 consultants. In the UK, Talan count 230 employees on several site, the main being: London, Edinburgh and Chester, Leeds. Talan Consulting is expanding its team in the UK and looking for SharePoint/Power Platform Consultants to join their dynamic Smart Automation Team . The consultants are expected to have the following technical & soft skills: Job Description Role An Operational Resilience Officer - IT is required to join the newly created CIB Operational Resilience and security team. The role will support Global Markets IT Resilience Officer in all aspects of implementation of the new CIB framework and support GM IT development and production teams for their IT resilience related projects. The Operational Resilience Officer will represent the team in Production and Development forums or steering overseeing the implementation of IT Resilience and Operational resilience requirements. In addition, he/she will be required to personally follow high visibility remediation plans. This is an exciting opportunity to work with interesting security challenges in an environment with many different development platforms, communications technologies, and advanced trading systems. The role encompasses a number of activities & responsibilities: • To technically assist DEV; APS and Production teams in the implementation of resilience mechanisms; implementation of scripts and other software components required by business playbooks • To actively support implementation of all IT Resilience related activities by keeping a constant close interaction with all involved stakeholders. This encompasses activities such as : o Liveplay testing (ie switch to recovery datacenters during week) ; o Critical asset recovery exercise (ie be able to rebuild critical apps) ; o Operational resilience capabilities delivery, such as cloud based workstation, data vault solutions, ultimate recovery strategy. • To act as a referent expert on all resilience / recovery strategies and technologies with a good understanding of specific constraints related to GM value chains • To facilitate and guaranty consistency of approach for all IT Resilience related documentation such as procedures for recovery, crisis management, application impact analysis, IT Asset cards • To ensure alignement and support redaction of pragmatic and effective business playbooks; aligned with actual capabilities supported by production, development and ITO operations. • To support automation of reporting; controls deployement and identification of critical deviations to resilience standards and best practices • To support implementation of operational resilience regulatory requirements in IT systems • To provide guidance on effectiveness of operational resilience capabilities; measures, and controls in particular for the residual risks (e.g. residual risk after data masking, encryption or signature of sensitive data). • To support all GM IT or CIB teams in their remediation plans and connect them to appropriate security or non-security teams to help achieve their risk reduction goals. Qualifications Skills Attributes Essential • Technical expertise on resilience mechanisms (Operating systems; Databases; Middlewares) - such as load balancing; clusters; backup and restore systems and strategies; NAS resilience and security; Cloud backup. • Familiarity with network and OS Security equipments: firewalls configuration; encryption standards and mechanisms (at rest and in transit), Cloud security • Strong technical skills required to understand vulnerabilities in detail and how to resolve/mitigate them, therefore being in capacity to assess effectiveness of measures and residual risk. • Excellent knowledge of IT best practices, from development to production and security • Familiarity with security risk standards, such as ISO 3100/27001/27005 • Good understanding of ITIL standard, with a focus on change/release management • Knowledge / experience of at least one global market activity • Rigorous and reliable in his/her findings, the candidate must be able to provide high quality findings and risk analysis without relying excessively on second opinion. • The candidate will be a forward thinking individual with the ability to look beyond immediate problems and issues, but with a solid practical delivery focus. • Highly skilled and able to demonstrate value to the security and risk communities at a practical level, working alongside analysts, security, application and business staff on a collaborative basis • The ability to manage independent responsibilities and projects while working closely with the security, IT and business communities; the candidate must be well organised, self motivating and a good communicator • A pragmatist with the strength of character to lead divergent interests to common ground and the best outcome • Approachable and willing to share their expertise and experience in order to assist the development of teams and individuals Desirable • Awareness of key FFIEC and NIST standards related to IT security or IT Risk (NIST Cyber is a must) • Usage of COBIT 5 or ISO 38500 framework, or associated certifications (CISA...) • Exposure or certification related to ITIL, CMMi • Exposure to NIST SP 800-30, ISACA IT Risk framework or equivalent • Experience of specific security products and technologies: RSA Archer, MS SharePoint Portals, Atlassian JIRA • Knowledge of Banks internal control organisation (i.e. French CRBF 03/11/14, EU 2013/36/UE, Committee of Sponsoring Organizations of the Treadway Commission / COSO referential) • Able to communicate effectively across a wide range of seniorities from entry level developer to senior management.