Cyber and Information Security Analyst

About Private Bank

As Private Bank we strive to provide the right solutions for our diverse clients through our international network of specialists, located in vibrant financial hotspots around the world. Together we serve 10 different client segments to whom our businesses offer a wide range of products and services.

The Private Bank supports HNW, UHNW and Family Office banking, investment and credit needs through a dedicated Private Banker and team of investment and wealth specialists.  With offices in the United Kingdom, Ireland, Monaco, Switzerland, India and Dubai, the Private Bank offers our international client base access to a fully bespoke service. The business is high growth and significantly invested in delivering high touch personal services and creative client solutions with access to the Corporate and Investment Bank. More complex products are available through the Private Bank; including structured credit and derivative margin trading, direct access to trading desks for equity and FX forwards.

Our Overseas Services business provides banking, credit, cash management and investment expertise to our clients through a value adding relationship-led service, product specialists and digital channels. Operating from London, Jersey, Guernsey, Isle of Man, Glasgow and Dubai we directly serve eight client segments of Fiduciaries, Family Offices, Captives, Funds Administrators, Corporates, Premier Global, Local Business and Local Premier & Retail, together with supporting the booking of HNW and UHNW clients onto our Jersey and Isle of Man platforms.

Overall purpose of role

The Cyber and Information Security Analyst role will directly support the Switzerland Cyber and Information Security team, part of Private Bank (PB), with responsibility of managing the Data Leakage Prevention (DLP), Privileged Access Management (PAM), as well as Logical Access Management (LAM) daily activities.

The role will also support associated remediation programmes, including adherence to the Group Cyber and Information Security Policy and Control Framework.

Key Accountabilities

• Data Loss Prevention Incident Management (DLP)
  • Participate in daily alert review activities: investigate alerts, applying data management controls and procedures,
  • Apply local procedure in case of data loss incidents,
  • Provide general advice and guidance around data loss prevention to business users, including remediation of process issues as identified through monitoring alerts.
  • Work with local Legal, Compliance, HR and other key stakeholders as appropriate,
  • Participates to testing campaigns in case of policy or system upgrades.
• Privileged Access Management (PAM)
  • Review and approve privileged access requests,
  • Create and review privileged access reports for violations.
  • Support configuration of the PAM toolset (Cyberark, Powerbroker, Imperva)
• Logical Access Management (LAM)
  • Maintain, the implementation and maintenance of the Role Based Access Control framework:
    • Understand Identity and Access Management principles,
    • Manage daily access requests to critical applications,
    • Manage daily access control and out of process alerts; take remediating actions to return to satisfactory,
    • Manage exceptions based on business rationale,
    • Take responsibility in the recertification processes for Business Critical applications (RBAC content review, data owners review, offshore user access to Swiss IT applications etc…).
    • Participate in ad-hoc projects to onboard new sensitive applications within the RBAC.
• Assist with Vulnerability management across the supported infrastructure:
  • Review and reporting of monthly scans,
  • Ensure any security threat, vulnerability, non-compliance and risk specific to the BU is properly followed-up, escalated and remediated.
• Support with Coordination of local security related initiatives (PenTests, Upgrades of security platforms etc.), local delivery of global cyber projects and local remediation of large-scale cyber issues identified by security teams.

Risk and Control Objective

Ensure that all activities and duties are carried out in full compliance with regulatory requirements, Enterprise Wide Risk Management Framework and internal Barclays Policies and Policy Standards.

Person Specification

• Good communication skills with the ability to work with other teams globally and locally.
• Strong troubleshooting and analytical skills
• Background in Information Security principles, and/or (Information) Risk
• Knowledge in Identity and Access Management, Data Loss Prevention and Privileged Access Management Tools are an asset
• Working experience of Windows and Linux operating systems, as well as SQL to support the PAM activities
• Notion in banking secrecy is preferred.
• French and English required
• Residence in Switzerland is preferred,
• Ability to work outside business hours, during evening and week ends (adhoc).

Purpose and Values

Our purpose is creating opportunities to rise. We support sustainable and inclusive growth by connecting the ideas, innovations and aspirations of our customers and clients to the capital that can bring them to life. For over 325 years we have funded progress, and today we remain committed to helping make our world more sustainable, more inclusive and more connected.

Our values underpin everything we do: Respect, Integrity, Service, Excellence and Stewardship.

Respect

We respect and value those we work with, and the contribution that they make.

Integrity

We act fairly, ethically and openly in all we do.

Service

We put our clients and customers at the centre of what we do.

Excellence

We use our energy, skills and resources to deliver the best, sustainable results.

Stewardship

We are passionate about leaving things better than we found them.