What do cyber security professionals in banking do?

Cybercrime has emerged as a major concern for global financial services firms and has become a major part of their security spending. Banks are one of the most progressive industries from a cyber security perspective and continue to invest significantly to address the rapidly evolving threat from cyberattacks.

Banks recognise that cyber security is not just a technology problem, but rather a business challenge that requires dedicated ownership, as well as the development of a clear strategy that is supported by technology teams. Professionals within these teams focus on ensuring that Information Security is considered in all aspects of the business. They employ a range of cyber security tools to protect the bank from cyberattacks and will work with technology partners to define, maintain and execute a range of processes and services.

Key responsibilities

Responsibilities will vary, but examples include:

• Taking responsibility for the implementation of data & cyber security and IT compliance risk management
• Drafting and implementing relevant policies and procedures in line with legal and regulatory requirements
• Acting as the bank's subject matter expert in relation to data, cyber and IT risk management matters
• Stakeholder engagement to effect change and raise standards
• Responding to requests for advice from business units, support departments and/or branch offices and positively provide the appropriate level of support to resolve the matter being referred
• Undertaking reviews and audits of the bank's Data Security and Cyber Security Risk Analysis
• Conducting risk assessments and providing guidance on remediation activities
• Supporting IT and business transformation projects by performing security assessments and ensuring that controls and security requirements are being implemented through the transformation lifecycle
• Performing data security due diligence and ongoing data security monitoring of outsourced activities
• Tracking and preparing reports on risk metrics, to help ensure that senior stakeholders within Group IT and business divisions are aware of key vulnerabilities and risks within the organisation

Why are they important?

As the number of online transactions increase, the risk of cyberattacks and data breach grows. Recent, well-publicised breaches have had a considerable impact on the reputation of the organisations affected and resulted in heavy commercial and legal penalties. As a result, cyber security has become a key focus area at board level, and investment in this area is increasing.

Competences needed for this role

Professionals in this field require in-depth knowledge of cyber security applications/processes, excellent attention to detail and the influencing skills to affect process and behavioral change amongst stakeholders.

Career opportunities presented by this role

The significant growth in the demand for cyber security professionals is likely to continue. Roles exist at all levels and career progression is excellent. Entry-level roles include system & network administrators and professionals can progress up to chief security officer or other roles at director level.

Competencies

High level competencies required by cyber risk bankers include: