Job Title : Technology Assurance
Barclays is a British universal bank. We are diversified by business, by different types of customers and clients, and by geography. Our businesses include consumer banking and payments operations around the world, as well as a top-tier, full service, global corporate and investment bank, all of which are supported by our service company which provides technology, operations and functional services across the Group.
Risk and Control Objective
Take ownership for managing risk and strengthening controls in relation to the work you do
We’re committed to providing a supportive and inclusive culture and environment for you to work in. This environment recognises and supports ways to balance your personal needs, alongside the professional needs of our business. Providing the opportunity for all our employees, globally to work flexibly empowers each of us to work in a way that suits our lives as well as enabling us to better service our customers’ and clients’ needs. Whether you have family commitments or you’re a carer, or whether you need study time or wish to pursue personal interests, our approach to working flexibly is designed to help you balance your life. If you would like some flexibility, then please discuss this with the hiring manager, and your request will be reviewed subject to business needs.
Structured hybrid role:
At Barclays, we offer a hybrid working experience that blends the positives of working alongside colleagues at our onsite locations, together with working from home. We have a structured approach where colleagues work at an onsite location on fixed, ‘anchor’, days of the week, for a minimum of two days a week or more, as set by the business area (or nearest equivalent if working part-time hours). Please discuss the working pattern requirements for the role you are applying for with the hiring manager. Please note that as we continue to embed our hybrid working environment, we remain in a test and learn phase, which means that working arrangements may be subject to change on reasonable notice to ensure we meet the needs of our business.
• Provide assurance to Technology Leadership regarding the design and operating effectiveness of the Technology control environment in mitigating relevant risks through a defined and agreed programme of testing activity for Barclays.
• Review activities to remediate control gaps and assess whether the risk has been fully mitigated and whether the implemented controls are sustainable for Barclays.
• Identify, evaluate, report and escalate risks in line with Barclays risk and control frameworks, utilising relevant tools and analytical techniques.
• Provide guidance to ensure compliance with Barclays Group and Technology Policies, Standards, frameworks and procedures across Business Units, Functions and Shared Services.
• Report the results of testing activities to Senior Stakeholders across Business Units, Functions and Shared Services.
• Influence and support the implementation of the Technology CCO strategy.
• Meet the needs of key internal and external risk processes, reporting schedules, stakeholders and regulatory authorities in delivering assurance activities.
What will you be doing?
• Manage the delivery of Carry out annual controls testing for Cyber, General Computer Controls (GCC) and Automated Business Controls (ABC) with the deep understanding of assessment frameworks and the applications
• Ensure quality and accuracy of control testing by performing internal quality assurance (QA) verification as per Barclays Control Framework
• Liaise with stakeholders across the three Lines of Defence to ensure efforts are aligned and complementary
• Review activities undertaken by management to remediate control gaps and provide an opinion as to whether the risk has been fully mitigated and whether the implemented controls are sustainable.
• Identify and leverage appropriate data sources and data analytical techniques to deliver targeted testing
• Extend the support towards implementation of the Technology CCO strategy to drive global consistency and improvements in risk awareness and risk management capability by developing a close and trusted relationship with key stakeholders, wherever required.
• Maintain an independent perspective, challenging as required and setting out quantified control options and risk decision recommendations.
What we’re looking for:
Cyber Information Security Controls testing:
• 5-10 years of senior testing experience of Cyber/ Technology / Application Controls / Operational Resilience
• Significant hands on experience in technology / cyber technologies and products, IS Audits / IT Assessments and GRC (Governance, Risk & Controls) and in-depth knowledge of the audit lifecycle process
• Very strong stakeholder management and interpersonal skills, and ability to influence and manage global stakeholder relationships, ranging from non-technical to highly technical.
• Ability to assess and manage scope change controls, and adapt / lead testing of new technologies
• Analytical approach and proven ability to manage issues through to resolution
• Strong interpersonal skills and Team player who can communicate and deliver as part of a global matrix team
• Understanding of Software development, and software / code testing approaches and methodologies.
• Honors degree in computers science. Professional Certification like CISSP will be an added advantage
Skills that will help you in the role:
• Extensive knowledge of Cyber, Information and Technology risk and control including relevant tools and techniques
• In Depth knowledge of key areas in Technology and Cyber risk, including Virtualisation & Cloud, Networks, Firewalls, Security Operations, Active Directory, Identity & access management, SDLC and apps development, Resilience & Recovery planning at both application and infrastructure layers
• Relevant Professional certification (CISA, CISSP, CRISC, CISM, ISO 27001) or equivalent.
This role requires extensive knowledge and working experience in Technology, Information, and Security domain.
• Knowledge of IT architecture, networks, operating systems and database security, Active Directory, Cloud, Resiliency, SIEM tools
• Knowledge or IS/IT Risks & Controls and respective Standards / Frameworks (e.g. COBIT, ITIL)
• Practical experience in managing Technology Risks & Controls in Financial Services organisations
• OSCP qualification or similar
• CSTE qualification or similar
Where will you be working?
Be More at Barclays
At Barclays, each day is about being more – as a professional, and as a person. ‘Be More @ Barclays’ represents our core promise to all current and future employees. It’s the characteristic that we want to be associated with as an employer, and at the heart of every employee experience. We empower our colleagues to Be More Globally Connected, working on international projects that improve the way millions of customers handle their finances. Be More Inspired by working alongside the most talented people in the industry, and delivering imaginative new solutions that are redefining the future of finance. Be More Impactful by having the opportunity to work on cutting-edge projects, and Be More Valued for who you are.
Interested and want to know more about Barclays? Visit home.barclays/who-we-are/ for more details.
Purpose, Values and Mindset
We deploy finance responsibly to support people and businesses, acting with empathy and integrity, championing innovation and sustainability, for the common good and the long term.
Our values underpin everything we do: Respect, Integrity, Service, Excellence and Stewardship.
We harness the power of diversity and inclusion in our business, trust those we work with, and value everyone's contribution.
We operate with honesty, transparency and fairness in all we do.
We act with empathy and humility, putting the people and businesses we serve at the centre of what we do.
We champion innovation, and use our energy, expertise and resources to make a positive difference.
We prize sustainability, and are passionate about leaving things better than we found them.
Our Mindset shapes how we take action, living by our Values, driven by our Purpose, always with our customers and clients at the heart of what we do; our Mindset is to Empower, Challenge and Drive.
Trust and support each other to deliver. Make decisions with those closest to the topic. Include diverse perspectives. Celebrate success and learn from failure.
Question whether things can be done better. Use insights based on data to inform decisions. Be curious about how we can adapt and improve. Speak up and be open to alternative viewpoints.
Focus on outcomes. Deliver with pace. Be passionate and ambitious about what we do. Take personal responsibility. Actively build collaborative relationships to get things done.