Responsibilities
in the role;
Identify information security and Threat Intelligence requirements and oversight of delivery by:
1. Identifying business unit Priority Intelligence Requirements that enable the business unit to conduct its business continuously in a secure manner.
2. Analysis of information across Strategic, Operational and Tactical arenas into actionable intelligence that allows stakeholders to make informed decisions.
3. Ensuring delivery of the Threat Intelligence programme within the business unit, delivery of services and products provided by Group Security. Where services are delivered by external providers, ensuring delivery of the Threat Intelligence services as per requirements of business unit.
Engage with the business unit to:
4. Develop an understanding of business goals in order to constructively engage senior business leaders on information security, identifying key threats and areas for improvement, driving appropriate risk management decisions and collaborating with partners to achieve positive outcomes and business benefits
5. Ensure emerging information and cyber security threats to the business are identified, discussed with senior business leadership and addressed through presented opportunities of security innovation.
6. Build strong relationships within the business to gain an understanding of security-related business threats, vulnerabilities and risks.
7. Facilitate Group Security support to business projects as the subject matter expert providing guidance and support in implementing Threat Intelligence project requirements.
8. Embedding information security and cyber across the business unit by:
9. Establish positive relationships engaging with technical teams and executives to deliver regular Threat Intelligence reporting and mitigation advisory and seek continuous improvement of TVM process.
10. Monitoring of threat actors and groups, and identifying key trends leveraging internal and external threat data to enable positive business outcomes, keeping senior business leadership informed about information security-related issues and activities potentially affecting the organisation.
11. Assist in running a threat intelligence platform that can store cyber threat intelligence idioms such as threat actors, exploit targets from disparate sources, devices, communities and industries in a structured & standardized way.
Focus on awareness and training including by;
12. Briefing regularly the business unit senior leadership team on cyber threats and risks profile.
13. Delivering awareness and training to the relevant business unit team and high-risk users.
14. Communicating the importance and promoting awareness of information security to the business. Increasing business awareness of emerging security threats and risks. Helping develop a security culture within the business.
15. Partnering with the different functions working on controls by:
16. Supporting Incident Response activities providing further context, OSINT support and behavioural analysis in the event of a security incident impacting the business unit.
17. Maintaining a balanced relationship with risk functions, compliance functions and with internal and external audit functions.
18. Ensure timely delivery of actionable threat intelligence across the organisation, including key stakeholders; Security Operations, Incident Response, Vulnerability Management, Security Leadership, Fraud Prevention and Industry intelligence communities.
Continuous Improvement through the delivery of;
19. Provide mentoring and development of Threat Intelligence Analysts through sharing learnings and best practices.
20. Act as the point of escalation and support for Threat Intelligence analysts in the event of complex security incidents.
21. Develop proven structure and processes such as run books that help the team achieve outstanding results.
22. Championing and supporting Group Security's wider BCM, Incident and Crisis Management functions.