Business Security Officer, Vocalink Limited

dom.
The services we offer to our customers in the United Kingdom account for 90% of salaries paid, nearly all benefit payments, all cheques cleared and the majority of ATM transactions. These roles do not come around very often, and you would be joining a high functioning team dedicated to ensuring that this service remains robust, secure, and seamless for 60+million citizens every day - in numbers, that is 11 billion transactions every year with a value of over £10 trillion.
The Vocalink Business Security Officer (BSO) is a senior management role, with dual reporting lines to the Vocalink Limited Chief Executive Officer, as well as to the Mastercard Chief Security Officer.
Vocalink has confidence that its security work streams are executed in a timely and effective manner with appropriate governance and communication updates. This ensures that security initiatives are focused on balancing business needs and security controls that align with Vocalink's position as a supplier of Critical National Infrastructure services. The communications and outcomes managed by the role will also form evidential artefacts for audit purposes and articulate effective Cyber resilience capabilities as defined by regulators.

All candidates will need to go through the non-objection process with the Bank of England before they are able to take up the role.

Responsibilities

The role holder will:
• Develop, implement and enforce security policies to protect critical data and infrastructure
• Provide guidance on Vocalink's Cybersecurity programme on a strategic level and ensure Vocalink remains compliant with Security standards, policies, regulations and legislation.
• Oversee the day-to-day technical activities of the Security team such as Security Operations and Incident Response, Governance, Risk, and Compliance, Vulnerability Management, Physical Security and Business Continuity Planning
• Convey security risks and potential threats to senior executives, the Vocalink Board, the Mastercard Group, Regulators and Government, including inward-facing committees as well as outward-facing customer and client committees, in business terms, present solutions, and provide actionable insights backed by data
• Ensure UK Core Services meet or exceed contracted and regulated obligations for Vocalink's customers as well as the Bank of England
• Promote a culture of strong security and facilitate security cultural change across the organisation
• Oversee Vocalink's cyber controls framework
• Use the allocated budget for Vocalink security programs efficiently and effectively and help Vocalink make smart decisions when it comes to investing in Cybersecurity
• Lead, manage and deliver outcomes whilst working as part of a larger matrixed organisation.
• Take the lead in championing the corporate values, through the implementation of robust processes, standard procedures, and quality working practices.
• Maintain Vocalink's and Mastercard's security profile across the industry through relationships with relevant external parties together with presentations and media coverage where appropriate.
• 3LoD role in line within the Risk Management Framework with accountability for the identification, mitigation and management of 1st line risks and operation of key controls
• Strong leadership and management of the Vocalink security team of approximately 60 FTE

Knowledge Skills and Experience

• Extensive experience working and operating effectively at executive level in global financial service organisations including working with a Board of Directors
• Relevant experience of working in a complex (preferably multi-national) stakeholder environment that includes complex customers and experience of working with regulators
• Experience engaging with and reporting into a Board of Directors
• Deep expertise in cybersecurity and reporting standards
• Experience collaborating cross-functionally to identify and implement best practice security, logging, and monitoring processes.
• Understanding of CPMI-IOSCO Annex F and its impact on Financial Market Infrastructure provision.
• Strong influencing skills; organizationally savvy
• Ethics - strong personal and professional ethics
• Highly motivated and conscientious individual
• Strategic thinker - able to develop and communicate direction
• Ability to motivate, inspire and lead people effectively

Corporate Security Responsibility

All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:

• Abide by Mastercard's security policies and practices;
• Ensure the confidentiality and integrity of the information being accessed;
• Report any suspected information security violation or breach, and
• Complete all periodic mandatory security trainings in accordance with Mastercard's guidelines.