Date live: Jun. 09, 2026

Business Area: Control

Area of Expertise: Controls

Reference Code: JR-0000109289

Contract: Permanent

Purpose of the Role

To act as a Cyber & Information Security subject matter expert, providing controls leadership and oversight across Cyber and the Chief Information Security Office (CISO). The role is responsible for assessing and enhancing the effectiveness of the Bank’s cyber control environment, ensuring cyber risks are managed within appetite, aligned to regulatory expectations, and compliant with Group Policy to protect the Bank from operational, financial and reputational impact.

Accountabilities

  • Apply deep knowledge of cyber security, business processes and platforms to assess cyber risk and control effectiveness.
  • Collaborate with stakeholders across Cyber and business units to improve control effectiveness through robust documentation of control assessments, procedures and findings.
  • Identify, assess and investigate weaknesses within the cyber control environment, driving continuous improvement and effective risk mitigation aligned to the Controls Framework.
  • Develop high-quality reporting to communicate key cyber risk and control insights, including control weaknesses and recommendations, to senior stakeholders and governance forums.
  • Execute reviews to assess the effectiveness of the Bank’s cyber control framework, ensuring alignment to policies, regulatory expectations and industry best practice.
  • Ensure consistent application of the Operational Risk Framework (ORF) within Cyber, including appropriate methodologies for assessing and evidencing control effectiveness.

Responsibilities

  • Act as the Cyber SME for controls, providing expert oversight and challenge across Cyber & Information Security and CISO on control effectiveness.
  • Lead and support core cyber risk and control processes (e.g. RCSA, Interim RCSA, Issue Management, Key Indicators, Standards adherence), ensuring outputs are risk-based, consistent and aligned to regulatory expectations.
  • Analyse and challenge cyber risk issues and control weaknesses, working with control owners to define and track sustainable remediation actions.
  • Maintain end-to-end visibility of the cyber control environment, identifying emerging themes, systemic risks and areas requiring escalation to senior governance forums.
  • Support delivery and oversight of key cyber programmes (e.g. Cyber Excellence Programme, Risk Reduction Plan), ensuring clear linkage to control outcomes and risk reduction.
  • Support regulatory meetings and interactions, including preparation of materials, providing SME input, and contributing to responses to regulatory requests and findings.
  • Engage with 2LoD, Internal Audit and regulators on cyber-related matters, supporting reviews and ensuring timely, high-quality responses to findings.
  • Maintain up-to-date knowledge of cyber threats, regulatory developments and industry best practice, applying this to strengthen the cyber control environment.

Candidate Requirements

  • Significant experience in Cyber Security, Information Security Risk, or Cyber Controls, ideally within a large, complex financial services organisation.
  • Strong understanding of cyber risk and control processes (e.g. RCSA, Interim RCSA, Issue Management, Key Indicators) and their practical application.
  • Good knowledge of cyber security frameworks and standards (e.g. NIST, ISO 27001) and their implementation in enterprise environments.
  • Proven ability to assess cyber control effectiveness, identify root causes and drive sustainable remediation of control weaknesses.
  • Experience engaging and influencing senior stakeholders across Cyber, Risk and Control functions, providing credible challenge in a matrix environment.
  • Strong analytical and communication skills, with the ability to translate complex cyber risks into clear, concise and actionable insight for senior audiences.

Director Expectations

  • To manage a business function, providing significant input to function-wide strategic initiatives. Contribute to and influence policy and procedures for the function and plan, manage and consult on multiple complex and critical strategic projects, which may be business-wide.
  • They manage the direction of a large team or sub-function, leading other people managers and embedding a performance culture aligned to the values of the business. Or, for an individual contributor, they lead organisation-wide projects and act as deep technical expert and thought leader, identifying new ways of working and collaborating cross-functionally. They will train, guide and coach less experienced specialists and provide information affecting long-term profits, organisational risks and strategic decisions.
  • Provide expert advice to senior functional management and committees to influence decisions made outside of own function, offering significant input to function wide strategic initiatives.
  • Manage, coordinate and enable resourcing, budgeting and policy creation for a significant sub-function.
  • Escalate breaches of policies / procedures appropriately.
  • Foster and guide compliance, and ensure that regulations are observed and that relevant processes are in place to facilitate adherence.
  • Focus on the external environment, regulators, or advocacy groups to both monitor and influence on behalf of Barclays, when appropriate.
  • Demonstrate extensive knowledge of how the function integrates with the business division / Group to achieve the overall business objectives.
  • Maintain broad and comprehensive knowledge of industry theories and practices within own discipline alongside up-to-date relevant sector / functional knowledge, and insight into external market developments / initiatives.
  • Use interpretative thinking and advanced analytical skills to solve problems and design solutions in often complex / sensitive situations.
  • Exercise management authority to make significant decisions and certain strategic decisions or recommendations within own area.
  • Negotiate with and influence stakeholders at a senior level both internally and externally.
  • Act as principal contact point for key clients and counterparts in other functions / business divisions.
  • Mandated as a spokesperson for the function and business division.

All Senior Leaders are expected to demonstrate a clear set of leadership behaviours to create an environment for colleagues to thrive and deliver to a consistently excellent standard. The four LEAD behaviours are: L – Listen and be authentic, E – Energise and inspire, A – Align across the enterprise, D – Develop others.

All colleagues will be expected to demonstrate the Barclays Values of Respect, Integrity, Service, Excellence and Stewardship – our moral compass, helping us do what we believe is right. They will also be expected to demonstrate the Barclays Mindset – to Empower, Challenge and Drive – the operating manual for how we behave.
