Director - BISO IB & Markets
Listed on 2026-03-03
IT/Tech
Cybersecurity, Information Security, IT Consultant, IT Project Manager
The BISO specializes in information security issues relevant to the business, such as how to securely implement customer-facing technologies and how to appropriately protect customer information. A major role of the BISO is to ensure that the business unit or division understands that information security is a business requirement like any other business requirement, and to bring about “business intimacy”. This individual also assists in the implementation and translation of enterprise security requirements, policies and procedures.
Key Skills
- Demonstrated success operating as a senior security leader within a large, complex, and highly regulated enterprise, with accountability for business‑aligned cyber risk outcomes.
- Proven ability to influence and challenge Director, Managing Director, and Executive Committee‑level stakeholders, driving decisions and outcomes across a highly matrixed organisation.
- Recognised expert in enterprise‑scale cybersecurity strategy, technology risk management, and secure architecture, with the ability to set direction rather than deliver tactically.
- Strong executive communication skills, with a track record of translating complex cyber and technology risk into clear, decision‑ready insights, recommendations, and trade‑offs for senior leadership.
- Experience defining and overseeing management information (e.g., KRIs, KCIs, incident trends, risk acceptances) that supports effective governance, accountability, and prioritisation at executive level.
- Confident and credible presenter to Director, MD, and ExCo audiences, able to handle challenge, influence outcomes, and drive clear ownership and actions.
- Broad, senior‑level domain knowledge across cloud, IAM, network security, data protection, application security, and incident response, with the judgement to prioritise based on business risk.
- Demonstrated leadership in cyber risk governance and regulatory engagement, including alignment with NYDFS 23 NYCRR 500, UK PRA/FCA, SEC, and other applicable global supervisory frameworks.
- Experienced in risk ownership and oversight, including governance forums, risk acceptances, material remediation programmes, and translation of enterprise cyber GRC requirements into business adoption.
To provide a primary liaison service between the business, technology, and security functions in order to ensure the confidentiality, integrity and availability of information and support the mitigation of security risk.
Accountabilities
- Collaboration with stakeholders to understand their security requirements in business processes and IT projects, to enhance overall risk management.
- Execution of risk assessments to identify and prioritise potential cybersecurity threats that could impact the bank's operations and data, guide the implementation of mitigation strategies, and communicate findings to relevant senior stakeholders.
- Collaboration with business units to develop and implement security policies and procedures for the bank's operations aligned to the risk management framework.
- Management of the implementation, testing and monitoring of security controls across the bank's IT systems to ensure the effectiveness of controls and mitigation of risk.
- Execution of training content and sessions to educate employees, enhance cybersecurity awareness and provide guidance on safe online practices.
- Management of complex cybersecurity incidents by collaborating with IT teams and response experts to effectively resolve cases through analysis, expertise support and project supervision.
- Identification of emerging cybersecurity trends, threats, and new technologies to address potential risks by advocating the adoption of new security solutions.
- To manage a business function, providing significant input to function wide strategic initiatives. Contribute to and influence policy and procedures for the function and plan, manage and consult on multiple complex and critical strategic projects, which may be business wide.
- They manage the direction of a large team or sub-function, leading other people managers and embedding a performance culture aligned to the values of the business. Or for an…