The candidate will be responsible for the IT security risk assessments, approvals and reporting for the London branch as well as VTB Capital globally and be in the ITSec (or IT Security) Team which is a part of the global IT Security & Architecture function, which comprises of the SEA (Security Engineering & Architecture), Security Operation Centre (SOC) & ITSec teams globally.
The candidate will be involved in global IT Infrastructure and Application risk assessments, advise about IT security compliance, advise upon practical countermeasures and perform IT security reporting and quality assurance.
The IT security officer candidate should have a thorough understanding of IT systems security and will be responsible for recommending risk reduction countermeasures, delivering documentation, reporting, tracking risks and updating security standards. There will also be elements of project tracking and reporting on projects from the rest of the global function.
The candidate will be part of the global ITSec team and be based in London with a fluid and varied workload.
Accountabilities may vary at any point in time but will cut across the following disciplines and areas:
IT Security Officer Duties
- Perform risk assessments, provide approvals, and advise on technical risk reduction measures for IT application and IT infrastructure projects as well as BAU IT changes.
- Perform and prepare responses to requests from internal and external auditors and support, resolve and track audit points.
- Review and development of existing security standards documentation including quality assurance of documentation prepared by other team members from other offices.
- Perform regular monthly risk and project reporting and quality assure updates provided by other security and IT functions.
- Ensure compliance with VTB Capital Security standards and IS policies
- Perform regular risk assessments of existing IT components to ensure compliance with security standards
- Assist the Head of IT Security & Architecture in the preparation of twice-yearly training material for Board members.
- Undertake new security improvement projects to improve the security controls, efficiency and ease of client engagement with the global function.
- Point of contact to assist and advise customers for IT security-related matters
Key Competencies & Qualifications
- Ideal candidate profile will have a Bachelor's degree in a technical discipline and or have previously worked in an IT infrastructure or application development role.
- In depth knowledge of Network firewalls, VPN & Security products as well as application and cloud computing.
- In depth knowledge of anti-virus software, intrusion detection, firewalls and content filtering
- Knowledge of risk assessment methods, technologies and tools.
- Experience of vulnerability and penetration testing.
- Professional Certifications: CISSP/CISM/CISA/MCSP/CCSK/CCSP is preferred
- Strong analytical and critical thinking skills and a meticulous attitude.
- Able to work independently or in a team with minimal supervision and highly self-motivated
- Extensive experience in working collaboratively across global teams and to lead others through problem solving challenges.
- High quality orientation with strong communication skills and with good verbal and excellent written communications skills are essential.
- Previous working experience with financial organization in a similar capacity is desirable
Typical Decisions taken by Job Holder
Reviews, risk assessments and final decisions related to the Approvals of IT BAU workflow across all entities including but not limited to:
- Firewall changes
- Privileged access
- Security Policy exceptions
- Risk Assessments
- SWIFT attestations
- Connections to third parties
Decisions related to quality assurance, review meetings and communications with IT clients, internal audit, Operational Resilience function, new application risk assessments, new security standards, development and approval of security standards, IT Security process improvements, escalations and regular reporting.
This job description is dated and is a fair representation of the role that you will carry out for VTB Capital but is not intended to be an exhaustive list of all duties. As with any organization and role, change is inevitable and the role may flex over time. Where this change is material your manager will issue a revised job description in consultation with Human Resources.