The Bank for International Settlements is an international organisation which fosters international monetary and financial cooperation via wide-ranging banking, economic research and policy coordination activities.

Purpose of the job:

Corporate Security at the BIS covers information, cyber and physical security.  The purpose of the job is to:

- Develop the Bank's security strategy and ensure its effective implementation across the organisation in order to ensure the protection of the Bank's people, premises and information assets.

- Develop a framework of associated policies, processes, procedures and systems, and ensure ongoing adaptation of this framework to reflect changes in business activities and the external threat environment.

- Ensure the appropriate balance in risk management and innovation capabilities in line with the Bank's overall risk appetite and strategic objectives.

- Ensure highly developed incident response and threat management capabilities to address cyber-related and/or physical security issues.

Principal responsibilities:

Security strategy

- Adapt and evolve the security strategy of the Bank and oversee its design and implementation, taking into account changes in business operations and evolving external threat environment.

- Ensure, in collaboration with business areas and IT functions, the cyber defence of the Bank both to external and insider threats.

- Establish a framework that allows for ongoing assessment of the Bank's security exposures and the associated state of the control environment.

- Establish emergency procedures for reacting to cyber and/or physical security threats.

- Establish regular reporting of security threats, mitigating measures and residual risks.

- Establish processes that support decision-making for investments in cyber and physical security and systems by making transparent the trade-off between business benefits and risks (usability vs risk mitigation).

Coordination / communication

- Ensure that areas of responsibility respond effectively to customer needs by maintaining a strategic overview of industry and technology trends as well as the Bank's business needs.

- Ensure coordination with Information Technology and Services (ITS) to promote information security by design at the architecture level.

- Maintain contact with counterparts in central banks and industry, and promote effective exchange of information, particularly in situations of critical cyber security threats.

- Represent the BIS in expert forums on physical and/or cyber security topics.

- Maintain and develop education programmes to raise awareness amongst staff of information security risks.

Cyber security operations

- Identity and access management operations: lead and manage cyber security and identity and access management operations across the organisation including the Bank's regional office locations, from intelligence-gathering, identity and access management, to incident response and containment. Ensure effective identity and access management operations, including managing of encryption keys and privileged access management.

- Ensure effective first line of defence against cyber security threats: Lead the development of incident response and recovery capabilities. Coordinate cyber crises. Manage operational-level alert network across selected central banks. Monitor the BIS's information environment to detect, analyse, track, and mitigate external threats. Provide oversight of cyber security analysis activities and direct the activities of the cyber security team to ensure the effective resolution.

- Cyber security forensics: Lead forensics investigations in case of suspected compromise and/or suspicions of insider threat cases.

Leadership responsibilities

- To manage and lead line managers for the units: Security architecture & engineering, Governance and Assurance and Physical security. Ensure direct line management responsibility for the cyber security operations team.

Budget responsibility

- Ensure that resources are used in an effective and efficient manner. Oversee the preparation and implementation of the annual security budget. Ensure effective monitoring of actual expenditures against budget in these areas, and that differences are being addressed.

Additional informations

Employment - Duration: 3 years

Contract type: Fixed-term

Application Deadline: 07/02/2021

Qualifications and work experience:

- Master's degree or PhD in computer science, cyber security , business administration or equivalent experience.

- At least 10 years of relevant Security, IT or Risk Management experience in a senior visible managerial/leadership position with, ideally, experience in a gained within a government/International organisation, or a central bank.

- Strong technical background in cyber security, and experience in incident response and recovery.

- Experienced in applying a risk-based analytical approach to IT security issues.

- Significant involvement in strategy and policy development with a track record of effective implementation, ideally in the three line of defence model.

- Banking and/or Fintech exposure is an asset.

- Excellent interpersonal skills and ability to communicate at all levels of the institution, including with senior management and at Board level.

- Fluency in English, both written and oral communication skills.