About Group Information Security & Danske Bank
Danske Bank Group Information Security (GIS), headed by the office of the CISO, is a part of an organization that delivers excellent security and risk solutions to Danske Bank and its customers. Under GIS, the ITBRC team drives Risk Controls Assurance for the business, leveraging leading security control capabilities to mitigate risk and thereby drive trust in Danske Bank as tomorrow’s digital bank for the Nordic market. GIS teams work with complex technical challenges and develop Danske Bank’s global competitive edge on innovative risk mitigating solutions.
About the Job
The ITBRC team is part of the Group Information Security department, with colleagues located in Denmark, Lithuania and India. As a Policy and Control Frameworks Lead, you will be assigned very interesting tasks that include driving increased awareness of the policy throughout Group IT and our various business divisions. Your work will be exciting and challenging because the Policy and Control Frameworks Team will set policy over critical business processes and support important regulatory response.
We are looking for a Policy and Control Frameworks Lead who will work as part of the ITBRC team to mature the information risk policy, support regulatory response, support incident reporting to regulatory bodies, and review risk scoring models and risk ranking as these relate to the Policy. The Policy and Control Frameworks Lead will assist in updating the policy with management direction and see that the Information Security Policy is operationalized and actionable.
Your work will include development and maintenance of the policy framework in accordance with ISO, NIST and other applicable industry standards, regulatory requirements and business drivers. You will strengthen the Policy and Control Frameworks by making the policy framework actionable and supporting colleagues across the bank in understanding and implementing our information security policy requirements.
You will manage the team that is responsible for the upkeep of the Information Security Policy and you will manage and deliver training on the use of the policy.
The role will work across multiple frameworks and regulatory standards including, but not limited to, NIST Cyber Security Framework, ISO, GDPR, SOX, etc. The successful candidate will liaise with business groups and other stakeholders globally to support Policy management as a top priority, to better enable the bank’s risk mitigation objectives. You will:
- Manage the team and maintain IT security and risk policies and the related guidance for risk and information security control frameworks
- Review and make more actionable the policy, addressing topics such as the following (some may be owned by other teams and you will support from an information security point of view):
  - Information Security
  - Acceptable Usage
  - Access Control
  - Business Continuity
  - Cyber Risk
  - Disaster Recovery
  - Information Classification
  - Physical and Environmental Security
  - Security Incident Response
  - Password Management
  - Clear Desk
  - Information Transfer
  - Mobile Device
  - Software Installation
  - Antivirus and Malware
  - Supplier Relationship
  - Records Management
  - Web Application Security
  - Change Management
  - Cloud Services
- Provide policy awareness and leadership for the bank’s overall governance, risk and compliance program
- Regularly present to leadership issues resulting from risk analysis
- Determine and recommend potential revisions to the policy that are appropriate for the business
- Work closely within the ITBRC team to determine policy effectiveness over potential security weaknesses and develop creative ways to remediate challenges unique to critical Danske Bank business processes
- Recommend ways to improve GIS policies and IT security standards and see that the policy is easily understood and actionable by risk owners who can draw on your expertise
- Stay current with industry, regulatory, and legal requirements relevant to Policy and Control Frameworks in information security, IT risk and compliance, and data privacy
- Write, review and recommend changes to policy guidance documentation in English and see that your team keeps this guidance up-to-date
We expect you to have:
- A Bachelor's degree in Management of Technology, Computer Science, Mathematics, Risk Management or Information Security or equivalent, with advanced degrees preferred
- 5+ years’ experience in GRC implementation, processes, and practices
- Experience with industry standards in Policy and Control Frameworks
- Experience with financial services regulatory compliance Policy
- Experience writing effective policies for IT security risks
- Familiarity with records management policies, data and document classification policy, the use of collaboration technologies to maintain policy and guidance for information lifecycle practices
- Familiarity or prior experience with RSA Archer, ARIS, Collibra, Informatica Policy and Control Frameworks tools, ServiceNow GRC, Solix, IBM Unified GRC, Talend, Clearswift IG Server, OpenText Enterprise Content Management, or similar technologies would be advantageous
- Experience with writing policies that enable IT security principles
- Experience in managing a team of 3 or more individuals
- Understanding of how policy relates to critical risk processes, the technology within the processes and the inter-relationship with the systems supporting the processes for the determination, evaluation, and reporting on technology risk
- Strong interpersonal and communication skills. You will be able to demonstrate excellent English written and oral communication skills, have a good eye for detail and the ability to manage a busy workload.
- Technical writing certification or experience
- Information Governance, Risk or Security credentials such as IGP, CISSP, CSSLP, CIPPE, ITIL, or CGRC (advantageous, but not required)
What We Offer
We offer an inspiring environment in a large IT organization with a competitive salary. Here you will find the perfect opportunity to join a growing Business Risk & Controls team and face the challenge and the opportunity to influence and shape the critical controls over bank activities.
Furthermore, you will be working in an international team, which concentrates on innovative business facing solutions.
You will find yourself working in a highly skilled team, where you will get supportive and targeted training to ensure that your skills are maintained and updated on an ongoing basis, giving you even stronger career opportunities.
The primary working location is Denmark, Lithuania or India, but with possible relocation options.
If you are interested, please upload your application and CV as soon as possible. We will be screening and conducting interviews on an ongoing basis.
Should you have any questions regarding the position, please do not hesitate to contact Con Jan Quach via email at CQ@danskebank.dk.
We look forward to hearing from you.
Send application and CV no later than 01.12.2019.
Danske Bank is a Nordic bank with strong local roots and bridges to the rest of the world. For more than 145 years, we have helped people and businesses in the Nordics realise their ambitions. Danske Bank has more than 19,000 employees in 16 countries around the world who serve our 3.4 million personal, business and institutional customers. In addition to banking services, we also offer life insurance and pension, mortgage credit, wealth management, real estate and leasing services.