Job Detail

About Private Bank

As Private Bank we strive to provide the right solutions for our diverse clients through our international network of specialists, located in vibrant financial hotspots around the world. Together we serve 10 different client segments to whom our businesses offer a wide range of products and services.

The Private Bank supports HNW, UHNW and Family Office banking, investment and credit needs through a dedicated Private Banker and team of investment and wealth specialists.  With offices in the United Kingdom, Ireland, Monaco, Switzerland, India and Dubai, the Private Bank offers our international client base access to a fully bespoke service. The business is high growth and significantly invested in delivering high touch personal services and creative client solutions with access to the Corporate and Investment Bank. More complex products areavailable through the Private Bank; including structured credit and derivative margin trading, direct access to trading desks for equity and FX forwards.

Our Overseas Services business provides banking, credit, cash management and investment expertise to our clients through a value adding relationship-led service, product specialists and digital channels. Operating from London, Jersey, Guernsey, Isle of Man, Glasgow and Dubai we directly serve eight client segments of Fiduciaries, Family Offices, Captives, Funds Administrators, Corporates, Premier Global, Local Business and Local Premier & Retail, together with supporting the booking of HNW and UHNW clients onto our Jersey and Isle of Man platforms.

Overall purpose of role

The Cyber Information Security Officer role will directly support the Switzerland Private Bank business with responsibility for oversight of the Cyber and information risk control environment, providing support with risk assessments for jurisdictions with special regulatory requirements, driving local implementation of Group Programmes, as well as implementing the Group Cyber Policy and Standards. Additionally, the role will support in managing the Logical Access Management (LAM) project and operation, the Data Leakage Prevention (DLP) platform, and providing advice/challenge to the business in respect of tactical solutions and strategic programmes.

The Cyber Information Security Officer will report into the Cyber & Information Security Manager.

Key Accountabilities

• Logical Access Management (LAM)
  
  
  
  • Support the global PB activities, in all areas of Logical Access Management,
  
  
  • Manage all aspects of Identity and Access management for Private Bank Switzerland, including RBAC implementation and maintenance, application on boarding, SoD, recertification…
  
  
  • Ensure any access to client data hosting systems is compliant with the Group Security of Information Assets Standard, Role Based Access Control framework and need-to-know principle,
  
  
  • Take responsibility of daily activities (access approvals and access monitoring) around LAM, using the Access Control Monitoring tool (Saviynt IAG solution), and the internal user access ticketing request tool,
  
  
  • Maintain and continuously improve the ACM tool (follow up with third party supplier for upgrades, bug remediation, evolution requests etc…),
  
  
  • Formalize business LAM procedures.
  
  

• Implementation of Group CIS Policy (Cyber / Risk Assurance)
  
  
  
  • Ensure risks arising from changes and new projects are properly identified, assessed and managed. Provide project support, assurance, remediation support, and guidance to the business. Assist the business with identifying alternate solutions or compensating controls where requirements are not met, or provide guidance for appropriate risk acceptance,
  
  
  • Support delivery of projects to ensure compliance across the local Private Bank business, principally covering, logical access management, data leakage prevention policies, risk assurance, information classification/handling,
  
  
  • Ensure that all activities and duties are carried out in full compliance with regulatory requirements, Enterprise Wide Risk Management Framework and internal Barclays Policies and Policy Standards.
  
  

• Data Loss Prevention Incident Management (DLP)
  
  
  
  • Participate to daily monitoring of emails where need be,
  
  
  • Provide general advice and guidance around data loss prevention, including remediation of process issues as identified through monitoring alerts,
  
  
  • Support in identifying ongoing improvements of the platform to enhance the DLP control environment (setup / update of policies and controls within the Data Loss Prevention system),
  
  
  • Work with local management, HR and other key stakeholders as appropriate.
  
  

• Training & Awareness
  
  
  
  • Assist with creation and delivery of training and awareness programs on all CIS controls and policies.
  
  

Stakeholder Management and Leadership

None

Desirable skills/Preferred Qualifications:

• The successful candidate will preferably be educated to a degree in Computer Science or equivalent, and have a Risk or Cyber/Information Risk related knowledge,


• CISM, CISA, CISSP, ISO27001 or equivalent would be a definite bonus,


• Knowledge in Identity and Access Management is a definite asset, especially regarding notions around Role Based Access Control,


• Knowledge in Data Loss Prevention principle and tools would be appreciated,


• Experience within financial institutions is preferred,


• Notion in banking secrecy is preferred,


• Residence in Switzerland and French speaking is preferred.

Working

Weekend work or work outside of business hours might be required.

Personal attributes

The successful candidate will have good communication skills, written and verbal; and should be a dynamic individual, self-directed, team oriented, comfortable operating within a changing environment.

Additionally, the candidate should demonstrate:

• 
  
  
  
  • Taking actions and be able to follow up on the progress in a timely manner,
  
  
  • Persuading and influencing relevant stakeholders where needed,
  
  
  • Analysing situations where information risk could arise and advise his manager,
  
  
  • Working with people from various department (from IT, controls and support functions and business),
  
  
  • Adhering to principles and values from the Bank,
  
  
  • Presenting and communicating relevant information,
  
  
  • Delivering results and meeting expectations setup in accordance with his/her manager.
  
  

Purpose and Values

Barclays has a single cross-business Purpose for Barclays and five core Values which underpin it.

Our Purpose is helping people achieve their ambitions in the right way. Put simply this is the answer to the question ‘What is Barclays for?’ and it should guide our every action as employees.

Respect

We respect and value those we work with, and the contribution that they make.

Integrity

We act fairly, ethically and openly in all we do.

Service

We put our clients and customers at the centre of what we do.

Excellence

We use our energy, skills and resources to deliver the best, sustainable results.

Stewardship

We are passionate about leaving things better than we found them.