NatWest Group
Security Business Partner
Key Responsibilities
- Apply effective risk management and decision-making capability, anticipating and assessing the potential impacts of risk associated with information and cyber security across relevant business areas.
- Ensure evaluation, management, and mitigation of the impacts of strategic information and cyber security initiatives on the operational risk and control profile.
- Support and engage with specialist Security stakeholders (second and third lines of defence, etc.).
- Provide support on framework execution as an information and cyber security expert (risk and controls assessments, control design, testing, policy compliance).
- Lead informed discussions of information and cyber security risk for relevant business areas and products.
- Create a culture of continuous improvement, increasing efficiency and productivity through people leadership, coaching, and skill development.
- Manage stakeholder relationships with Security and support them with managing their risk and control profile.
- Provide an aggregated view of the control environment for relevant information and cyber security business areas.
- Support the relevant technology and digital business area in interactions with second and third lines of defence on risk and audit engagements.
- Manage the completion of risk and control assessments in line with the risk framework for Security.
- Produce and review risk committee packs relating to information and cyber security, including relevant MI and assessing the aggregated risk profile.
- Support Security in interactions with second and third lines of defence on risk and audit engagements.
Skills and Expertise
- Extensive understanding of relevant businesses, key products, and information and cyber security risks.
- Knowledge of risks and controls associated with information and cyber security, including industry frameworks (NIST, ISF SOGP, MITRE, COBIT, CRISC, etc.).
- Knowledge of risks associated with technology outsourcing.
- Breadth of demonstrable knowledge across all cyber and information security domains (privileged access management, security operations, vulnerability management, governance).
- Proven ability to deliver high-quality outcomes and experience of applying information and cyber security risk and control assessments in an operational and strategic context.
- Comprehensive experience in information and cyber security risk management and audit or control frameworks.
- Experience of working in a fast-paced information and cyber security risk or audit environment where priorities shift rapidly.
- Strong senior stakeholder management skills.