Information Security Assurance Officer (ISAO)

Position

Information Security Assurance Officer (ISAO)

Group

Risk, London

Reports to

Head of Information Security

Direct reports

0

Internal relationships

• Chief Risk Officer and Risk Teams
• Chief Operating Officer and Operations Teams
• Data Team
• Operational Resilience
• Group Information Security Office (Kuwait)
• NBKI Executive Management Committee 

External relationships

• Auditors  
• External Third-Party Business and Service Suppliers 

 Number of full-time equivalent employees: 0

Grade: IBG06 

   Assistant Manager                                     

Job purpose

The Information Security Assurance Officer (ISAO) works within the NBKI Information Security Office (ISO) to ensure all information and cyber risks are identified, analysed, mitigated, and monitored, ensuring the smooth operation of the Bank. 

The ISAO addresses external attacks, mitigates zero-day vulnerabilities, and identifies security operating flaws. It ensures that Executive Management's risk targets are met and contributes to the continual improvement of the Bank's Cyber Assurance Framework, enhancing the control measures that defend the Bank.

Where improvements are needed, the ISAO will contribute to the Information/Cyber Security Strategy and Roadmap, enabling both defence-in-depth and, where appropriate, defence-in-breadth to safeguard normal banking operations.

The ISAO will collaborate closely with Security Engineering, Security Operations, and Business Resilience Teams across NBKI, as well as with the Group Information Security Office of NBKI’s parent, the National Bank of Kuwait.

Key Responsibilities 

• Collaborate with Information Security Engineering and Operations Teams to integrate security measures into business processes.
• Advise business units on security-related issues and initiatives.
• Oversee Second Line project activities to evaluate information security risks for new projects, products, systems, and other significant changes within NBKI.
• Supervise the resolution of risks and issues identified during audits or external assessments.
• Develop, review, and maintain information security governance documents, including policies, standards, frameworks, and procedures.
• Create and deliver Information/Cyber Security Awareness training, educating NBKI staff on best practices.
• Maintain comprehensive records and documentation of ISO activities.
• Provide regular updates and reports to the Information Security Management System (ISMS) governance committee.
• Manage internal and external information security requirements, liaising with relevant parties.
• Support the ISO in annual budgeting and planning.
• Participate in Cyber Incident Response as part of the ISO Team.
• Coordinate with vendors to evaluate new technologies and lead Proof of Concept evaluations as needed.
• Evaluate, recommend, and implement cloud security controls in line with emerging technologies and practices across group entities.

Qualifications, Experience, Skill and Competencies

Essential

• Experience in Information Assurance and/or working within a highly regulated UK sector for at least five years.
• Relevant Information Security qualification (degree, CISSP, or CISM) obtained or in progress.
• Strong technical acumen with broad knowledge across Information/Cyber Security, Software Development, and IT systems.
• Working knowledge of NIST CSF.
• Willingness to learn and expand skills in both Information Security and Financial Services.
• Ability to work autonomously and flexibly within a team, contributing to an improved Bank security posture.
• Analytical skills to interpret data and provide insights into threats facing the bank.
• Awareness of common Cyber Incidents and Security breaches (OWASP).

Desirable

• Knowledge or experience in SOC2, ISO 27K, PCI DSS and GDPR.
• Previous experience working within an organisations Cyber Incident Response function.
• Hands on experience with Information Security tools.

Key Success Factors

• Team player with the ability to communicate and collaborate effectively with diverse business stakeholders.
• Strong written and oral communication skills.
• High accuracy and strong attention to detail.
• Effective time management and ability to prioritize tasks.
• Strong analytical and problem-solving skills.
• Proficiency in Microsoft Office.