What does a financial services cyber cpecialist do?

Cybercrime has emerged as a major concern for global financial services firms and has become a major part of their security spending. Banks are one of the most progressive industries from a cyber security perspective and continue to invest significantly to address the rapidly evolving threat from cyberattacks.

Banks recognise that cyber security is not just a technology problem, but rather a business challenge that requires dedicated ownership, as well as the development of a clear strategy that is supported by technology teams. Professionals within these teams focus on ensuring that Information Security is considered in all aspects of the business. They employ a range of cyber security tools to protect the bank from cyber attacks and will work with technology partners to define, maintain and execute a range of processes and services.

Key Responsibilities

Responsibilities will vary, but examples include:

  • Taking responsibility for the implementation of data & cyber security and IT compliance risk management
  • Drafting and implementing relevant policies and procedures in line with legal and regulatory requirements
  • Acting as the bank's subject matter expert in relation to data, cyber and IT risk management matters
  • Stakeholder engagement to effect change and raise standards
  • Responding to requests for advice from business units, support departments and/or branch offices and positively provide the appropriate level of support to resolve the matter being referred
  • Undertaking reviews and audits of the bank's Data Security and Cyber Security Risk Analysis
  • Conducting risk assessments and providing guidance on remediation activities
  • Supporting IT and business transformation projects by performing security assessments and ensuring that controls and security requirements are being implemented through the transformation lifecycle
  • Performing data security due diligence and ongoing data security monitoring of outsourced activities
  • Tracking and preparing reports on risk metrics, to help ensure that senior stakeholders within group IT and business divisions are aware of key vulnerabilities and risks within the organisation

Why are they important?

As the number of online transactions increase, the risk of cyberattacks and data breach grows. Recent, well-publicised breaches have had a considerable impact on the reputation of the organisations affected and resulted in heavy commercial and legal penalties. As a result, cyber security has become a key focus area at board level, and investment in this area is increasing.

Skills needed for this role

Professionals in this field require in-depth knowledge of cyber security applications/processes, excellent attention to detail and the influencing skills to affect process and behavioral change amongst stakeholders.

Strategic Professional Options examinations linked to this role

Advanced Financial Management

Advanced Audit and Assurance

Career opportunities presented by this role

The significant growth in the demand for cyber security professionals is likely to continue. Roles exist at all levels and career progression is excellent. Entry-level roles include system & network administrators and professionals can progress up to chief security officer or other roles at director level.


High level competencies required include:

  • Data, digital and technology

    A. Identifies strategic options to add value, using data and technology.

    B. Analyses and evaluates data using appropriate technologies and tools.

    C. Applies technologies to visualise data clearly and effectively.

    D. Applies scepticism and ethical judgement to the use of data and data technology.


  • Governance, risk and control

    A. Evaluates organisational structures and governance to protect the long-term interests of stakeholders.

    B. Recommends appropriate strategies to ensure adherence to governance structures and application of best practice internal controls.

    C. Identifies and manages risk appropriately.

    D. Uses risk management for the best interests of an organisation and its stakeholders.

    E. Monitors and applies relevant legislation, policies and procedures.

  • Stakeholder relationship management

    A. Positively develops relationships with internal and external stakeholders.

    B. Communicates and gains commitment from internal and external stakeholder.

    C. Uses emerging technologies to collaborate and communicate effectively with stakeholders.

    D. Applies professional and ethical judgement when engaging with stakeholders.

    E. Aligns organisational strategic objectives with stakeholder needs and manages expectations.