Security Consultant

To address the evolving cybersecurity threat landscape, the Internal Data Protection Management Team was established to provide strategic direction, leadership, and enterprise governance and oversight in relation to protecting customer data and other sensitive banking information from being lost, misused, or accessed by unauthorized users.

The primary focus for the successful candidate is to work with the Data Protection Advisors who provide advisory services to business lines regarding data protection and data loss prevention (DLP) controls. The role will assist in triaging exception requests and managing removals; they will also contribute to ruleset management to help ensure data protection controls are effective and risks are mitigated accordingly which will be monitored through KRIs and KPIs and evidenced through appropriate management reporting.

Candidate Value Proposition:

The successful candidate will be exposed to several different teams offering them many developmental opportunities.

Typical Day in Role:

• Assess and analyze low complexity data protection exceptions to ensure bank standards are adhered to and risks are mitigated accordingly.
• Work with the Data Protection Advisors when assessing high complexity data protection exceptions and participating in controls assessment evaluations, tasks, and ruleset revisions.
• Collaborate with multiple technology teams including infrastructure engineers, security engineers, developers, architects, security operations, security advisors and technology risk teams to assess and recommend on exceptions.
• Supports implementation of a strong Data Protection culture in partnership with stakeholders across various business lines.
• Helps to drive a customer focused culture throughout the team to deepen client relationships and leverage broader Bank relationships, systems, and knowledge.
  General Accountabilities
• Facilitates and contributes to the preparation of management reporting, including but not limited to data consolidation, trending and analysis, that relates to the responsibilities within the role.
• Assist with the development of processes, templates, and guidance documentation related to the activities of the role as needed.
• Builds and maintains strong relationships with key contacts to achieve DP goals.
• Ensures unresolved issues or risks are escalated to appropriate Management in a timely manner.
• Ensures that the team maintains record keeping of key documentation.
• Understands how the Bank’s risk appetite and risk culture should be considered in day-to-day activities and decisions.
• Creates an environment in which their team pursues effective and efficient operations in accordance within the bank’s Values, its Code of Conduct, and the Global Sales Principles, while ensuring the adequacy of, adherence to, and effectiveness of day-to-day business controls to meet obligations with respect to operational, compliance, regulatory, and conduct risk.

Must Have Skills:

• 5+ years of working experience with data protection / DLP risks, controls, and standards.
• Working knowledge of DLP technology and tools (McAfee, zScaler)
• 3+ years of experience working in a global financial institution
• 3+ years of experience with ServiceNow (for production of reports etc.)

Nice-To-Have Skills:

• Certifications (CISSP, CISM, CRISC)
• PowerBI experience
• Spanish Bilingualism
• Experience in risk-management

Soft Skills Required:

• Sound business and technical acumen, with demonstrated agility in learning and ability to quickly become comfortable with unfamiliar businesses areas or of technologies. Ability to connect programs/projects to broader organizational goals and grasp the key performance drivers of business partners.
• Proven ability to work both independently and within a team environment.
• The incumbent must be diplomatic, flexible, with a positive, mature attitude, and the ability to remain calm under pressure and to deliver under tight timelines.
• Must also be proactive and creative, with strong, proven ability to plan and manage competing priorities, as well as ability to recognize and appropriately handle sensitive and confidential information.
• Excellent communication (presentation skills, verbal and written). The ability to communicate confidently and clearly on conference calls, in meetings, via email, etc. at all levels of the organization.
• Excellent stakeholder management and influencing / negotiation skills, capable of balancing multiple perspectives, effective at all levels.