Information Security Consultant - Third Party Suppliers

Job Description

Job IntroductionOur UK Information Security Team is growing and its scope covers the full breadth of information security disciplines, including privacy. We already have excellent relationships with our stakeholders, including system owners, senior management and IT teamsin the UK and Sweden. To help these stakeholders provide excellent support to our branches and customers we are looking for an additional team member who is passionate about building innovative and pragmatic solutions and who would value our open collaborationwith stakeholders. Main ResponsibilityThe main purpose of the Information Security Consultant role is to:

• Represent Information Security with Business stakeholders as a trusted advisor, finding pragmatic and cost-effective security solutions that efficiently support customer needs.
• Act as a specialist owner of 1 or more of the teams security processes, systems or frameworks, maintaining specialist knowledge and continually evolving the process, system or framework with reference to the banks global and local system & process owners,regulation & good practice.
• Provide appropriate specialist advice and interpretation of Information Security best practice and UK regulatory requirements to a range of different stakeholders as new products, processes and systems are developed
• Lead risk & control assessments using defined processes, for example external supplier due diligence, privacy impact assessments and project security.
• Develop and lead innovative and effective training and awareness activities for information security and privacy, to ensure effective colleague engagement and awareness.
• Lead assurance activities to assess the effective implementation and operation of systems and controls to manage the information security risks;
• Respond to queries from our branches and other colleagues on information security to ensure effective risk management of information security;
• Act as lead Duty Incident Manager on a shared rota basis to manage information security and personal data breaches in accordance with defined incident management processes, ensuring impacts and risks are appropriately identified, assessed and mitigated;
• Deputise for elements of the reporting managers role, on an ad-hoc basis, to cover absences, periods of increased workload, etc.

The Ideal CandidateKey Skills:

• Solid, practical and demonstrable experience of information security (technical and non-technical aspects), including good understanding of privacy
• plan, organise and prioritise tasks and projects effectively
• pragmatic, and effectively balances risk and control requirements with commercial drivers
• ability to solve problems creatively and effectively
• positive, collaborative and builds and maintains effective relationship with others
• able to influence decision making to surface and mitigate issues and risks across a wide range of stakeholders

Compliance with the 6 Conduct Rules

• Act with integrity;
• Act with due skill, care and diligence;
• Be open and co-operative with the FCA, PRA and other regulators;
• Pay due regard to the interests of customers and treat them fairly;
• Observe proper standards of market conduct.
• Act to deliver good outcomes for retail customers.

Core Values

• Is business-oriented and focuses on the customer.
• Takes a long-term approach.
• Has the courage to make decisions.
• Is innovative and proactive.
• Takes responsibility for their own development.
• Has high ethical and moral standards.
• Likes good administrative order.
• Collaborates with others to achieve joint goals.
• Contributes to the development of operations and colleagues.

About the CompanyHandelsbanken is a relationship bank with a decentralised way of working, a strong local presence thanks to a nationwide network of branches, and a long-term approach to customer relations. Each Handelsbanken branch operates as a local business enabling itto make decisions at a local level and provide a bespoke service. The focus is always on the need of the individual customer and not on the sale of specific products. The Bank is deeply committed to embedding good equality and diversity practice into all of our activities. This is so that we are an inclusive, welcoming and inspiring place to work that encourages everyone to apply, regardless of socio-economic background,age, disability, pregnancy and/or parental status, race (including colour, nationality, and ethnic or national origin), veteran status, marital and civil partnership status, religion or belief, sex, gender reassignment or sexual orientation.