VP -CCO - Cyber

Purpose of the role

To assess the integrity and effectiveness of the banks internal control framework to support the mitigation of risk and protection of the banks operational, financial, and reputational risk.  

Accountabilities

• Knowledge of business areas, products, processes and platforms to be able to assess risk

• Collaboration with various stakeholders across the bank and business units to improve overall control effectiveness through detailed documentation of control assessments, procedures, and findings.

• Identification and investigation of potential weaknesses and issues within internal controls to promote continuous improvement and risk mitigation aligned to the bank's control framework, prioritised by its severity to disrupt bank operations.

• Development of reports to communicate key findings from risk assessment including control weaknesses and recommendations to control owners, senior management, and other stakeholders.

• Execution of reviews to determine the effectiveness of the bank's internal controls framework aligned to established and evolving policies, regulation, and best practice.

• Implementation of adherence to the Barclays Controls Framework and set appropriate methodology of assessing controls against the Controls Framework.

Vice President Expectations

• To contribute or set strategy, drive requirements and make recommendations for change. Plan resources, budgets, and policies; manage and maintain policies/ processes; deliver continuous improvements and escalate breaches of policies/procedures..

• If managing a team, they define jobs and responsibilities, planning for the department's future needs and operations, counselling employees on performance and contributing to employee pay decisions/changes. They may also lead a number of specialists to influence the operations of a department, in alignment with strategic as well as tactical priorities, while balancing short and long term goals and ensuring that budgets and schedules meet corporate requirements..

• If the position has leadership responsibilities, People Leaders are expected to demonstrate a clear set of leadership behaviours to create an environment for colleagues to thrive and deliver to a consistently excellent standard. The four LEAD behaviours are: L – Listen and be authentic, E – Energise and inspire, A – Align across the enterprise, D – Develop others..

• OR for an individual contributor, they will be a subject matter expert within own discipline and will guide technical direction. They will lead collaborative, multi-year assignments and guide team members through structured assignments, identify the need for the inclusion of other areas of specialisation to complete assignments. They will train, guide and coach less experienced specialists and provide information affecting long term profits, organisational risks and strategic decisions..

• Advise key stakeholders, including functional leadership teams and senior management on functional and cross functional areas of impact and alignment.

• Manage and mitigate risks through assessment, in support of the control and governance agenda.

• Demonstrate leadership and accountability for managing risk and strengthening controls in relation to the work your team does.

• Demonstrate comprehensive understanding of the organisation functions to contribute to achieving the goals of the business.

• Collaborate with other areas of work, for business aligned support areas to keep up to speed with business activity and the business strategies.

• Create solutions based on sophisticated analytical thought comparing and selecting complex alternatives. In-depth analysis with interpretative thinking will be required to define problems and develop innovative solutions.

• Adopt and include the outcomes of extensive research in problem solving processes.

• Seek out, build and maintain trusting relationships and partnerships with internal and external stakeholders in order to accomplish key business objectives, using influencing and negotiating skills to achieve outcomes.

All colleagues will be expected to demonstrate the Barclays Values of Respect, Integrity, Service, Excellence and Stewardship – our moral compass, helping us do what we believe is right. They will also be expected to demonstrate the Barclays Mindset – to Empower, Challenge and Drive – the operating manual for how we behave.

At Barclays, we don't just adapt to the future – we shape it. Embark on a transformative journey as VP -CCO - Cyber, where you'll provide control advisory, governance on Application Security, DevSeOps practices and controls, Threat modelling controls, Secure coding, API security to ensure proactive identification of security risk, timely remediation to reduce risk exposure. You'll develop, refresh the Security policies and standards to address the new emerging risks, changes in the regulatory requirements or lesson learned from internal or external incidents.

To be successful as a VP -CCO - Cyber, you should have: 

• Bachelor's degree in Computer Science and equivalent work experience in relevant industry with strong background in risk management, technology and information security.

• Strong knowledge on SAST, DAST, SCA, IAST, Mobile, cloud security and other AppSec related technologies.

• Threat Modelling knowledge, good understanding of frameworks like STRIDE, DREAD or PASTA to identify and prioritize risks.

• Strong understanding of SDLC, DevSecOps practices, integration and vulnerability management to be able to analyze the outputs and translate findings into business-impact narratives.

• Experience in managing Technology Risk and Controls, leveraging IT risk frameworks such as ITIL, COBIT5, COSO, NIST and strong understanding of industry standards and best practices.

• Experience and deep understanding in Secure coding practices, API security standards leveraging OWASP and CWE top risks and other industry standards like NIST, ITIL etc.

Some other highly valued skills may include:

• Experience in Control automation, Tech assurance, audit or Cyber risk and control function/role, preferred.

• Review of Audit findings, self-identified issues and breaches to align them with operational risk, regulatory requirements and Barclay's Control Framework.

• Advising IT on pragmatic approaches to meet regulatory mandated technology controls and deliver risk reduction and operational improvement projects.

• Experience in various deployment models and technologies primarily on Windows and Linux OS including but not limited to SDLC and Waterfall.

• Good to have knowledge of Platform security, Security Architecture review, including but not limited to API security, microservices and containerized environments.

• Relevant professional certification such as CISSP, CISA, CISM, PMP, CRISC or equivalent.

You may be assessed on the key critical skills relevant for success in role, such as risk and controls, change and transformation, business acumen strategic thinking and digital and technology, as well as job-specific technical skills.

The location of the role is Pune / Noida, IN.