AppSec Governance and PenTest Manager

Job Title: AppSec Governance and Pen Test Manager
Location: Pune

About Barclays
Barclays is a British universal bank. We are diversified by business, by different types of customers and clients, and by geography. Our businesses include consumer banking and payments operations around the world, as well as a top-tier, full service, global corporate and investment bank, all of which are supported by our service company which provides technology, operations and functional services across the Group.

Risk and Control Objective
Take ownership for managing risk and strengthening controls in relation to the work you do.

Working Flexibly
We’re committed to providing a supportive and inclusive culture and environment for you to work in. This environment recognises and supports ways to balance your personal needs, alongside the professional needs of our business. Providing the opportunity for all our employees, globally to work flexibly empowers each of us to work in a way that suits our lives as well as enabling us to better service our customers’ and clients’ needs. Whether you have family commitments or you’re a carer, or whether you need study time or wish to pursue personal interests, our approach to working flexibly is designed to help you balance your life.  If you would like some flexibility, then please discuss this with the hiring manager, and your request will be reviewed subject to business needs.

Hybrid Working 
Structured hybrid role:    
At Barclays, we offer a hybrid working experience that blends the positives of working alongside colleagues at our onsite locations, together with working from home.  We have a structured approach where colleagues work at an onsite location on fixed, ‘anchor’, days of the week, for a minimum of two days a week or more, as set by the business area (or nearest equivalent if working part-time hours). Please discuss the working pattern requirements for the role you are applying for with the hiring manager. Please note that as we continue to embed our hybrid working environment, we remain in a test and learn phase, which means that working arrangements may be subject to change on reasonable notice to ensure we meet the needs of our business.

Introduction 
The Cyber Security Governance Manager will interface with all three lines of defence, to ensure right governance is followed for CSO functions such as application security, vulnerability management, secure config and penetration testing. This will include working on information security standards, report on control performance metrics. review exceptions and inform stakeholders about open risk positions. 

What will you be doing?
•    Support cyber security standards owner in creation, maintenance and enhancement of control requirements and control libraries.
•    Track and report on control performance metrics by preparing sheets, presentations and dashboards for stakeholders.
•    Analyse data and produce ad-hoc reports for decision making.
•    Work closely with Application Security teams to bring in enhancements, efficiency and automation in management of KCIs, KRIs etc.
•    Work with Business Unit CISO teams to drive remediation of identified issues and vulnerabilities.
•    Review exception requests against standard control requirements, formulate outstanding risk positions and communicate the same to stakeholders.
•    Inform cyber security risk positions in the context of application security requirements.
•    Document exceptions, create action plans, coordinate execution and track progress.
•    Partner with Cyber Information Security Office (CISO) and technology teams to maintain compliance to cyber security standards.

What we’re looking for:
•    Proficient in cyber security standards and control frameworks such as NIST.
•    Technical skills in cyber security domains such as application security, vulnerability management, penetration testing, 3rd party assurance etc.
•    Familiarity with regulatory compliance requirements for Banks and financial institutions.
•    Proficient in the development and use of multiple platforms (e.g. SharePoint and Tableau) to deliver self-service MI & Reporting functionality
•    Exceptional negotiation and organisational skills, with previous experience of working in a complex matrix-managed environment.
•    Excellent communication skills, both written and verbal, with the ability to communicate complex and detailed topics to a wide variety of audiences including senior leaders.

Skills that will help you in the role:
•    Strong working knowledge of Cyber Security, with the ability to translate technical content into language that resonates with a non-technical audience.
•    Good knowledge of Operational / Enterprise Risk Frameworks and how these are implemented into a business.
•    Professional certifications such as CISM.

Where will you be working?
Pune

Be More at Barclays
At Barclays, each day is about being more – as a professional, and as a person. ‘Be More @ Barclays’ represents our core promise to all current and future employees. It’s the characteristic that we want to be associated with as an employer, and at the heart of every employee experience. We empower our colleagues to Be More Globally Connected, working on international projects that improve the way millions of customers handle their finances. Be More Inspired by working alongside the most talented people in the industry, and delivering imaginative new solutions that are redefining the future of finance. Be More Impactful by having the opportunity to work on cutting-edge projects, and Be More Valued for who you are.
Interested and want to know more about Barclays? Visit home.barclays/who-we-are/ for more details.
Purpose, Values and Mindset 
We deploy finance responsibly to support people and businesses, acting with empathy and integrity, championing innovation and sustainability, for the common good and the long term.
Our values underpin everything we do: Respect, Integrity, Service, Excellence and Stewardship.
Respect
We harness the power of diversity and inclusion in our business, trust those we work with, and value everyone's contribution.
Integrity
We operate with honesty, transparency and fairness in all we do.
Service
We act with empathy and humility, putting the people and businesses we serve at the centre of what we do.
Excellence
We champion innovation, and use our energy, expertise and resources to make a positive difference.
Stewardship
We prize sustainability, and are passionate about leaving things better than we found them.

Our Mindset shapes how we take action, living by our Values, driven by our Purpose, always with our customers and clients at the heart of what we do; our Mindset is to Empower, Challenge and Drive.
Empower
Trust and support each other to deliver. Make decisions with those closest to the topic. Include diverse perspectives. Celebrate success and learn from failure.
Challenge
Question whether things can be done better. Use insights based on data to inform decisions. Be curious about how we can adapt and improve. Speak up and be open to alternative viewpoints.
Drive
Focus on outcomes. Deliver with pace. Be passionate and ambitious about what we do. Take personal responsibility. Actively build collaborative relationships to get things done.