VTB Capital’s goal is to be Russia’s Investment Banking powerhouse. We want to be the firm that is a natural choice for all Russian Investment banking and asset management products. A choice our clients around the world make routinely and with confidence. Our mission is to exceed client expectations by providing first class financial services. To create value for the benefit of our clients and for economic and social progress globally.
The candidate will be responsible for reporting of IT Security risks and projects into the plc operational resilience function as well as VTB Capital globally and be in the ITSec (or IT Security) Team. The ITSec team is a part of the global IT Security & Architecture function, which comprises of the SEA (Security Engineering & Architecture), Security Operation Centre (SOC) & ITSec teams globally.
The candidate will also be involved in Third party and global IT Infrastructure and Application risk assessments, advise about IT security compliance, manage approvals and advise upon practical countermeasures and perform IT security reporting and quality assurance. Being a part of the ITSec team, the candidate will be involved in improving security standards and documents as well as making improvements to the workflow of the function and contributing in managing the risk register.
The IT security officer candidate should have a thorough understanding of IT systems security and will be responsible for writing reports for the consumption of senior management, recommending risk reduction countermeasures, delivering documentation, reporting, tracking risks and updating security standards. There will also be elements of project tracking and reporting on projects from the rest of the global function as part of monthly reporting.
The candidate will be part of the global ITSec team and be based in London with a fluid and varied workload. Accountabilities may vary at any point in time but will cut across the following disciplines and areas:
IT Security Officer Duties
- Perform monthly solution and KPI (Key Performance Indicator) reporting and prepare commentary for senior management on existing and planned risk reduction countermeasures as part of the VTBC Operational Resilience process. Track and report on countermeasures undergoing design and implementation
- Perform risk assessments (on new applications and or existing or new third parties), provide approvals, and advise on technical risk reduction measures for IT application and IT infrastructure projects as well as BAU IT changes as part of the Global function
- Perform and prepare responses to requests from internal and external auditors and support, resolve and track audit points
- Review and development of existing security standards documentation including quality assurance of documentation prepared by other team members from other offices
- Perform regular monthly risk and project reporting and quality assure updates provided by other security and IT functions
- Ensure compliance with VTB Capital Security standards and IS policies
- Perform regular risk assessments of existing IT components and Third parties to ensure compliance with security standards
- Assist the Head of IT Security & Architecture in the preparation of twice-yearly training material for Board members
- Undertake new security improvement projects to improve the security controls, efficiency and ease of client engagement with the global function
- Act as a Point of contact to assist and advise customers for IT security-related matters
Key Competencies & Qualifications
- High quality orientation with excellent written communication skills and with good verbal skills are essential
- Ideal candidate profile will have a Bachelor's degree in a technical discipline and or have previously worked in an IT infrastructure or application development role
- Strong analytical and critical thinking skills and a meticulous attitude
- Working knowledge and experience of risk assessment methods, technologies and tools
- Solid understanding of Network firewalls, VPN & Security products as well as application and cloud computing
- Solid understanding of anti-virus software, intrusion detection, firewalls and content filtering
- Professional Certifications: CISSP/CISM/CISA/MCSP/CCSK/CCSP is preferred
- Able to work independently or in a team with minimal supervision and highly self-motivated
- Extensive experience in working collaboratively through problem solving challenges
- Previous working experience with financial organization in a similar capacity is desirable
Typical Decisions taken by Job Holder
Reviews, risk assessments and final decisions related to the Approvals of IT BAU workflow across all entities including but not limited to:
- Firewall changes
- Privileged access
- Security Policy exceptions
- Risk Assessments
- SWIFT attestations
- Connections to third parties
Decisions related to quality assurance, review meetings and communications with IT clients, internal audit, Operational Resilience function, new application risk assessments, new security standards, development and approval of security standards, IT Security process improvements, escalations and regular reporting.