Head of Security Governance and Assurance

Job description

Basel, Basel-Stadt, Switzerland
BIS Bank for International Settlements
03.05.2024

Purpose of the job:

This role defines, implements and operationalises the Bank’s second line of defence monitoring activities for cyber security risk. Your main duties will be to lead our second line cybersecurity compliance monitoring programme, direct our cyber security governance function and to manage our cyber security advisory service. A key part of your role will be to oversee the development and maintenance of the Bank’s security policies, standards and guidelines in the context of our new 3LoD risk management framework. You will also be responsible for our cyber security advisory and assurance activities, undertaking tasks such as tracking internal audit findings, reporting against any operational risk remediations and reporting to Executive audiences on the Bank’s cyber security risk threats and/or response measures.

By joining the team:

- You will have the opportunity to lead a talented group of cyber security specialists who are highly committed to ensuring the security of the Bank’s technology transformation program
- You will sharpen your skills at gathering, analysing and preparing data and reports on the Bank’s cyber security performance for a range of senior executive audiences
- You will be part of a group of line managers who support one another through the use of their respective specialist technical skills, but who work as a team
- You will work with a truly international team of security and Banking risk professionals with a diverse set of personal and professional backgrounds and experiences

Key responsibilities include:

Security governance:

- Lead the development of security-related policies, procedures, guidelines and technical standards
- Drive the cyber security risk management function
- Manage internal audit workload responses
- Manage responses to the Bank’s operational risk management-related activities
- Measure and report on cyber resilience of Bank’s critical processes

Security advisory and assurance:

- Develop, maintain and evolve the cyber security compliance metrics and reporting program
- Ensure effective monitoring, analysis, reporting and escalation of security risks as a second line control function
- Ensure the provision of clear security advice and coherent project governance requirements to project managers

Security testing:

- Ensure the orchestration of security testing activities including phishing, social engineering, penetration tests and red/blue team exercises

Awareness and training:

- Run Bank-wide cybersecurity awareness and training programs, including advanced cybersecurity training programs for IT professionals

Leadership responsibilities:

- Lead and develop a driven and dedicated team of strongly performing cybersecurity specialists, including staff and contractors.

Qualifications and experience:

- Extensive organisational ‘in-house’ skills in an audit, security or other complex process assurance function, preferably in an enterprise technology context (min. 8 years)
- Expertise at complex process mapping or framework application work, preferably in a banking or technology risk context
- Proven ability to drive the implementation of a data-driven risk or security monitoring function, in a second line of defence role
- Experience at applying a risk-based, threat-led analytical approach to digital security or technology risk issues
- Strong expertise in operationalising the 3 line of defence model (3LoD), preferably in a banking or technology risk context
- Ability to design and implement robust and efficient risk management processes in line with broader risk management frameworks
- Strong people leadership skills, grounded in a genuine concern for the wellbeing of staff and strong verbal communication skills
- Strong communication skills, with a proven ability to explain and clarify highly technical security or risk matters to non-technologist audiences
- A demonstrated positive growth-mindset, with a passion for continuous learning
- Fluency in English, both written and oral communication

Who we are:

The Bank for International Settlements is a diverse and inclusive organisation with colleagues from over 60 countries. By joining us in the international city of Basel, you will work in a unique, highly rewarding and international work environment. We truly value diversity and inclusion and want to reflect the world we serve. We want the best people to work for us in an inclusive environment so welcome applications from all qualified candidates. At the BIS, we value equality and diversity in all its forms and one way we support diversity and inclusion is through our staff-run networks. You can discover more about diversity and inclusion at the BIS here.

What the BIS offers:

In return, we offer a competitive compensation package, including a comprehensive set of expat and relocation benefits and allowances. In addition, thanks to our status as an international organization, we can hire globally and welcome applications from candidates of all nationalities and located anywhere in the world.