Operational Risk and Security Lead
Form of employment: Permanent
Start date: Immediate
OnSite with Client in: London, UK (Zone 1)
About AUBAY Group
Aubay Group are an international Digital Services Company operating for 21 years in the European market and working alongside some of the biggest names in the Banking, Finance, Insurance, Energy, IT/Digital, Manufacturing, Transport and Telecoms sectors. With over 6500 Employees across 7 countries and within 16 offices in England/France/Belgium/Luxembourg/Italy/Spain and Portugal, Aubay generated revenues of €417 million in 2018. We are listed on a Euronext Stock Exchange. Aubay were recognised as #30 Best High-Tech Employer in 2016 in France (Google #1).
AubayUK are also based at Europe’s foremost Fintech hub called Level39 www.level39.co at One Canada Square in London/Canary Wharf, E14 5AB and our Client-side demand is in London/Geneva/Paris/Singapore and Houston. Our Clients are globally recognised as Super Majors Financial Services and innovative FinTech. You will be working onsite at one End-Client. You will have the opportunity to work direct for the client at the end of the assignment on a permanent basis.
What we are looking for:
There are certain qualities and 10 character traits we seek in our people and these are aligned with our company values.
- Commitment – doing what it takes for lasting results.
- Together – combining our expertise to create smarter solutions.
- Driven – personally aiming high and wanting better.
- Smart – being innovative and open with ideas and using common sense.
- Passionate – about what you do for the company.
- Attitude – positive at all times, we are in customer service.
- Aptitude – think outside your comfort zone to create solutions from nothing
- Motivation – striving to be better than before
- Trust – your colleagues and manager will expect you to earn this and retain it
- Integrity – thinking of others and striving for excellence
Job Description – Operational Risk and Security Lead
Background to the role:
Our teams build applications used by our trading teams globally. Our IT teams rely on an evolving set of tools and methods to deliver complex projects allowing our business to realise value from data. We want to offer our developers a set of services, which allow them to focus on what matters – writing high quality applications that delight our users. To do this, we need to improve the way that we manage Operational risk and Compliance response to Information and Regulatory risks.
The Operational Risk and Security Lead is responsible for managing the Operational risk and Compliance response to Information and Regulatory risks across a range of technologies and solutions, working closely with the Business Information Risk Management (IRM) Manager (LOD2) for our IT function. While the Business IRM will provide a view of the IRM security strategy, current and future risk landscape, policies, assurance and oversight of the risk response (i.e. the ‘what’), the Operational Risk and Security Lead (LOD1) will focus on operational security advice, risk response, compliance and assurance in our product suite (i.e. the ‘how’). The role has no direct reports, but it is important that the successful candidate enjoys working closely with Engineering Leads, product teams, architects, Internal Audit, and Capability Development teams to provide leadership and direction to all products being supported by their peers.
As Operational Risk Manager, you will:
- Ensure plans and activities are in place to support the assessment of risks in work undertaken by IT, and for negotiating a delivery mechanism or project response as appropriate.
- Provide advice on the design, development and implementation (i.e. the ‘how’) of IT controls, ensuring that the controls are embedded and standardizing where possible across Energy, for IT Projects and BAU initiatives. Must be comfortable rolling sleeves up and working day to day on physical implementation.
- Coordinate with central programmes to understand scope, tooling, processes and manage the effective communication of that across the IT Manager & Product Owner community.
- Provide accurate and timely reporting to the Energy IT LT and input to the DS ITLT reporting through Downstream Security Lead on new demand and progress of inflight initiatives.
- Escalate delays of risk assessments or response implementation to the necessary team leads or SE IT LT.
- Ensure, where required, implementation and embedding of roles and responsibilities across the IT as part of transition to Business as Usual.
- Lead the response to the identification, capturing and assessment of new non-strategic/BAU risks, by working with the BAOs, ITMs and BIRM, across the Energy IT Landscape. In addition, this role ensures the timely response to existing High Risk Findings in Collective for company IT within T&S.
- Provide operational security advice to support the increasing requirement of speed and agility in line with the downstream growth & digital strategy. This advice and support is in advance of and in conjunction with IRM assurance processes. Examples are feasibility studies, Agile Delivery, POCs, pilots, audit actions, findings, and urgent requests for advice and remediation activities.
- Understand the risk appetite across the landscape, articulate this (in conjunction with the BIRM) to appropriate stakeholders, and ensure risks are acknowledged and accepted where necessary.
- Professional qualifications – CRISC, CISSP, CCSP or CISM: one or more of the above certifications demonstrate that you understand the basics.
- Experience of working under controls frameworks of a Trading or Financial Services business: there are a large number of compliance and risk activities unique to this sector.
- Practical experience in modern web technologies: our landscape is evolving rapidly. We need someone to help us understand how to keep it safe.
- Proven experience of security design across multiple digital projects over a number of years, inside or outside the company: we need to bring a significant improvement to the way we implement, achieving “the art of the possible” today within cost and time constraints.
- Agile and Lean practices: must have 5-10 years’ experience working in “agile” projects, preferably across multiple methodologies (scrum, Kanban, XD). Can adapt and reflect, is resilient and has the ability to see outside of the process. Able to use a blended approach depending on the context. Able to measure and evaluate outcomes. Able to help teams to manage and visualise outcomes.
- Communicating between the technical and non-technical: able to listen to the needs of technical and business stakeholders and interpret them. Able to manage stakeholders’ expectations and be flexible, is capable of proactive and reactive communication. Facilitates difficult discussions within the team or with diverse senior stakeholders.
- Making the process work: able to identify and challenge organisational processes of increasing complexity and those processes that are unnecessarily complicated. Able to add value and can coach the organisation to inspect and adapt processes. Guides teams through the implementation of a new process.
- Planning: understands the environment and is able to prioritise the most important or highest value tasks. Able to use data to inform planning. Able to manage complex internal and external dependencies. Able to provide delivery confidence. Able to remove blockers or impediments that affect the plan and is able to develop a plan for difficult situations. Ensures teams plan appropriately for their own capacity.
Additional Skills – desirable:
- Experience navigating the IT landscape of our team members are new, and highly technical, hands-on people. Designing good services is not complex, but it is hard – and requires knowledge of “how things work”.
About the Client-side deployment:
Our Client, a Super Major, is a Global Energy Company. Around 84,000 employees across more than 70 countries working together to power progress through more and cleaner energy solutions.
Specialties: Upstream/ Downstream, Bio-Fuels, Integrated Gas, New Energies, Chemicals, Energy, and Trading.
- 25 Days Annual Leave
- Udemy Training Platform
- Not required to work on Public Holidays
- Free fruit/ hot & soft drinks/ cookies/ candy (If onsite at Level39)
- You’ll become a community member of Level39, giving you access and insight to network amongst peers and learn more about tech trends and events like Artificial Intelligence/ Machine Learning/ Crypto/ Digital Banking/ Cyber/ Robotic Process Automation/ Internet of Things, among others
- Monthly Socials/ Summer Socials/ Winter Socials
- Time to attend conferences
- Work from home opportunities
- Discount on Wintersports holiday at aero1607.com
- Weekly/ Fortnightly and monthly catch-ups with your assigned Talent Attraction and Retention Consultant at AubayUK for open and honest feedback and support – ensuring smooth onboarding.
- The opportunity to work direct for the Client at the end of the assignment on a permanent basis