Job Description. UK Payments Administration. Security Unit. Salary Band:

Academic year: 2021

Job Description

Job Title: Security Manager

Company: UK Payments Administration

Unit: Security Unit

Reporting To: Director of Security

Salary Band: D

Purpose of Job

The security manager role is the principal point of contact for the delivery of security support to the following primary stakeholders:

• Bacs • C&CCC • CASH • FPS • FISS • PayM • PC • UK Cards • UKPA

The role requires end-to-end management of the security support to primary stakeholders in order to deliver effective and efficient security support to current enterprise activities and assets (including staff) and planned business or capability development initiatives. This will be derived from acquiring a detailed understanding of business processes and risks. Responsibilities will include representation of stakeholder security interests and concerns in sector, industry and international forums. This will entail reaction to tactical events and incidents as well as contributing to operational security capability development and strategic research papers and topics.

Main Activities and Responsibilities

1. Information Security Expertise. Maintain a high level of technical expertise and practice as applied to protecting payment systems, current and emerging threats and vulnerabilities in ICT and appropriate and evolving mitigating strategies and counter-measures.

2. Information Security Incident Response Coordination. To coordinate any information security incident that impacts a primary stakeholder.

3. Information Security Consultancy. Provide professional advice and specialist security consultancy to the Payments Scheme. Capable of applying information security principles to support business objectives in the delivery of new innovative payment schemes and systems.

4. Standards. Understand the benefits, limits and constraints of industry, national and international standards, methodologies, maturity models and conceptual frameworks in order to provide situationally aware and contextually appropriate security advice and recommendations.

5. Threat Awareness. Understand the techniques, tactics and procedures of cyber network attack originating from hacktivism, organised crime and state-motivated actors, resulting in crime, subversion, espionage, sabotage and terrorism.

6. Security Education & Training. The ability to plan and deliver individual and group security awareness training to enhance corporate and personal security postures.

7. Annual Security Seminar. To organise and be responsible for all of the administrative support for the Annual Security Seminar including setting the agenda, finding suitable speakers, securing an appropriate venue and related sponsorship.

8. Industry Representation. To represent Security Unit and Members (industry) when called upon to do so as the SME for all forms of security.

9. Additional Duties. Any other duties as may be required and directed by the Director of Security.

Security professional with significant experience in the security field preferably, but not essentially, within the payments industry. It is highly desirable that this experience encompasses applying information security principles in multi-stakeholder environments.

A broad understanding of information security principles and practices, based on a sound and proven track record in applying this to complex systems and processes in multi-stakeholder environments. The capability to think beyond current planning horizons and to apply this to evolving requirements and innovative proposals.

A good knowledge and understanding of the UK Government’s information security structures and organisations, particularly as they are applied to Critical Infrastructure Protection policies, processes and requirements; including telecommunications.

A broad technical knowledge of current security architectures and how this interacts with general information technology architectures. An appreciation of modern PKI technologies is desirable.

The confidence and presence to communicate complex security concepts to non-technical senior audiences with the capability of informing high level decisions on the implementation of sound cost-effective information security measures to current and future payment systems.

Professionally qualified (CISSP or MSc Info Sec).

Good communication skills.

Evaluation and verification of delivered technical solutions against previously approved architecture specifications and change requests.

Desirable Competencies

Experience of managing third party suppliers.

Experience of assurance activities of third parties.

A proven ability to lead and deliver security projects.

Project Management experience.

Familiar with industry best-practice approaches to the design, implementation, operation and management of IT systems (e.g. Agile, Waterfall, ITIL, COBIT).

Scope

• Member of the Security team, reporting directly to the Director of Security.

• Internal Contacts -

• External Contacts –

• London based but required to travel on occasion within UK and Europe

Possible Working Styles

Occasional Mixed Working: Work can effectively be done at home or remotely on an occasional basis (e.g. personal circumstances, completing project work).

Contractual terms will remain office based.

Core Competencies: Level

Team Co-ordination

Motivates others within the team and works to develop team spirit, cooperation and morale. Uses and values expertise of all individuals within the team to reach a decision and also encourages all team members to contribute to group discussions. Deals positively and objectively with conflict.

Leads & Encourages team members in difficult circumstances. Inspires a common sense of purpose in team activities. Ensures that the team is focussed on the achievement of objectives. Encourages and supports team members and respects different views, values and opinions. Encourages peer and upward feedback to improve team working.

Works with Other Teams

Represents the team and maintains good working relationships with other teams.

Interpersonal & Communication

Communicates UK Payments aims, values and strategy clearly and positively.

Provides information about corporate issues and plans about contentious news or issues, and also encourages and provides feedback. Encourages free discussion.

Upward Communication

Communicates issues and risks throughout all levels in the organisation. Maintains upward communication.

Formal Presentations

Understand the audience. Prepares thoroughly in advance. Uses effective presentation materials and forwards information in a structured and concise manner.

Relationship Management

Builds and manages relationships. Consistently shows respect and concern for people as individuals

B

Solution-Focussed

Open Minded

Is willing to adopt new approaches and techniques, both personally and for the team, not just sticking to traditional approaches. Encourages new approaches.

Awareness

Appreciates the various political, social and environmental influences that exist when assessing situations. Demonstrates cost awareness. Demonstrates risk awareness, evaluating the level of risk associated with particular courses of action.

Decisive

Makes reasoned judgments in a timely fashion. Commits to a course of action without undue delay or prevarication.

Thinks as Part of a Team

Focussed on team solutions. Always takes into consideration the impact of own decision making on other business units.

Prioritisation and Time Management

Planning and Prioritisation

Provides others with clear and detailed plans identifying the required outputs and timings. Prioritises Unit objectives and clarifies these to staff.

Manages Team Work

Ensures completion of tasks through effective use of team time and prevents issues from interfering with work completion. Breaks large tasks down into achievable stages. Determines realistic time plans.

Manages Resources

Manages team resources to ensure that tasks are completed.

Manages progress against plans and makes amendments as necessary.

B

Creativity and Flexibility

Promotes Change positively to team members and advocates difficult situations as opportunities for learning. Speaks positively about advantages of change to others and the need for flexibility.

Advocates New Approaches

Encourages in others the need to modify behaviour to deal effectively with changes in the environment. Encourages others to try new approaches to complete work.

Develops Initiative

Takes advantage of opportunities to learn and uses feedback to improve performance. Learns by their own experiences and the experiences of colleagues, and encourages others to do the same.

C

Motivation

Committed to continual learning to keep in line with the business as the environment changes.

Works above and beyond

Shows commitment to UK Payments by exceeding internal & external customer needs and delivering a quality service. Is willing to go beyond the boundaries of the role if necessary.

Adaptability

Responds positively and co-operatively to change challenges and conflicting demands.

Persistence

Persists in seeking goals despite obstacles and setbacks. Is self-motivated, and motivates others to complete the job at hand.

Professionalism

Quality Focus and Continuous Improvement

Promotes the need for and enforces adherence to quality procedures. Sets and achieves quality standards. Actively considers the quality angle of the work of the whole team and seeks to improve quality procedures. Assesses and reviews risk exposures, assigns responsibility for risk to individuals.

Builds External Relationships

Builds long standing relationships with clients and addresses issues and concerns promptly. Is focussed in mindset and disciplined in approach.

Resolves Conflicts

Listens to and understands concerns of external and internal clients and staff. Is proactive and takes ownership for resolving problems and issues internally and externally.

Supports Corporate Initiatives

Actively supports the UK Payments Corporate Initiatives and takes responsibility for implementing initiatives internally in their team.

B

Generic Competencies: Level

Payment Industry Knowledge and Expertise

“Broad understanding of money transmission (the movement of funds in a secure environment) in a payments environment, including the players and processes”

Law Relating to Payments Industry

• General awareness and working knowledge of law relating to the payments industry

Meetings

• Attend, represent and contribute effectively to meetings

External Environment

• Display some knowledge and understanding of relevant external environment

Technical and Operational Advice/Guidance

• Provide first point of reference for stakeholders

Rules, Procedures, Standards and Guidelines

• Co-ordinate the development of rules, procedures, standards and guidelines

Evaluation of Management Information and Statistics

• Implement the recommendations

• Analyse and draw conclusions from the available management information

Strategy

• Identify and address issues arising from the implementation of a new strategy

Understand Stakeholders* Relationship with the Payments Industry

• Demonstrate some knowledge and understanding of relevant stakeholder relationships

Stakeholder Education and Awareness

• Implement the agreed strategy

Note:

* Stakeholders are defined as members and other participants. It is acknowledged that stakeholders will vary depending on the area of the business in which the job holder operates. Stakeholders will be identified within the ‘scope’ of individual job descriptions.

Administration

Relationship Management and Communication

- Manage calls and queries, if too complex direct to the relevant person

- Manage diaries

- Feedback and action information from meetings to the unit and division

Meeting Administration and Co-ordination

- Attend meetings and take minutes

- Arrange internal meetings with multiple attendees

- Attend internal meetings as a representative for the division

- Manage national and international itineraries, booking all aspects of the travel with a company credit card

- Make complex travel arrangements

- Book meeting rooms and refreshments

Budget

- Proof divisional budgets and minutes

- Manage specific budget components

Compliance

- Deal appropriately with highly sensitive and confidential information

- Adhere to company standards and house style

Committee Secretariat

UK Payments Committee Secretaries’ Guidelines

- Provide input into manual updates;

- Ensure that information is kept relevant;

- Undertake training of new staff.

Relationship Management and Communication

- Build and develop rapport with membership and in particular the chairman;

- Ensure Chairman fully notified of all issues through the Chairman’s briefing;

- Ensure attendees are informed of any issues prior to meetings;

- Display attendee awareness e.g. day job of member, time of meeting for travel.

Agenda, Papers and Minutes

- Provide input towards setting meeting agendas;

- Prepare meeting papers;

- Prepare accurate minutes;

- Motivate attendees to gain responses to action lists;

- Obtain, collate and analyse responses;

- Mitigate the surprise element;

- Understand attendee agenda;

- Ask attendees to raise specific issues in a certain way.

Background

- Display awareness of the history of an issue;

- Display awareness of membership;

- Understand background of committee.

Strategic Planning

- Develop the work plan for the committee for current year and the longer term;

- Ensure terms of reference are up to date and complied with and reviewed and approved by the committee at least annually;

- Undertake research under direction of the Chairman.

Compliance

- Ensure adherence to Companies Act – board;

- Ensure adherence to Competition Act and annual reminder to committee;

- Remind Chairman if deviates from Companies Act;

- Ensure adherence to Disability Discrimination Act and annual reminder to the Committee.

A

Business Analysis & Consultancy Expertise and Knowledge

- Respond to complex industry queries

- Identify problem and formulate solution

- Demonstrate depth of knowledge in required areas of expertise

Report Writing and Publications

- Control production of formal report

- Produce report with in depth analysis and interpretation

- Edit reports of a non complex nature

- Consult stakeholders on report content

- Understand business context of report

Committee Paper Writing

- Understand and articulate the business issues in a clear and concise manner

Quantitative Analysis

- Carry out complex numerical analysis (e.g. trends, forecasts, scenario building)

- Identify problem and formulate numerical analysis

- Undertake model building

- Research quantitative techniques and stay up to date with industry best practice

Qualitative Analysis

- Facilitate discussions and workshops

- Promote debate

- Understand the main qualitative techniques and their applications, and be able to apply them to specific business problems

- Interview on a one to one basis - exploring context, issues, probing and thinking on your feet

- Pull out key messages and provide feedback

- Distinguish important and less important issues

- Formulate conclusions and recommendations to drive debate

- Act as a source of information for both internal and external members requiring information

Knowledge Management

- Formulate knowledge requirements in specific business areas

- Ensure appropriate distribution channels for knowledge

- Provide knowledge and an awareness of knowledge sources

Project Formulation

- Identify a task/project requiring attention and undertake research into the project/problem using expertise in the area

- Structure project plans (time scales, budgets, and tasks)

- Achieve buy-in to proposals

Communication

stakeholders

- Answer complex questions

- Tailor messages for different audiences

- Structure presentations

- Provide analysis and comment

- Introduce and summarise reports – drawing out the main points

- Make recommendations

- Chair working groups

- Develop business relationships

IT Knowledge

Livelink

- Apply and manage permissions

UK Payments Contacts Database

- Manage all other fields, run reports and understand synchronisation

Core Microsoft Applications

- Advanced knowledge – expert user

- Word – edit and maintain complicated documents, including table of contents, header and footers, linking, macros and hyper linking to other applications

- Excel – apply complex formulae, macros, pivot tables link tables and advanced functions

- PowerPoint – work with charts, linking, animations, flow charts

Outlook

- Advanced knowledge of Outlook

A

Project Management

Project Leader

Strategy and Business Awareness

- Understands strategic direction

- Demonstrates a broad understanding of the context of the project in terms of overall business and/or corporate objectives

Planning

- Contributes to project brief, project initiation documents (PID), project plans and business case

- Assists in setting project objectives and timelines

Managing Product Delivery

- Develops statement of requirements and tender documentation if needed

- Provides regular progress reporting to project manager

- Contributes to the post-implementation review including ensuring lessons learnt are documented

B

- Assists in tracking project risks, issues, project plan.

Analysis and Decision Making Input

- Under broad direction, analyses options and provides recommendations

- Understands the implications of decisions on the big picture

- Provides input into resolving issues

- Alerts project manager to potential issues

Negotiation, Communication and Relationship Management

- Contributes to development of project communication plans

- Communicates objectives and time lines effectively

- Prepares project reports under direction of project manager

- Communicates with peers and stakeholders

- Resolves issues as they arise.

Risk Management

- Contributes to the development of the risk and issues register

- Highlight potential issues with project manager as early as possible

- Displays knowledge of risk assessment guidelines

Project Organisation

- Displays strong time management skills

Project Management Manual

- Uses the UK Payments project management procedures and guidelines appropriately within the project context

- Uses corporate style for project documentation

General Management

FUNCTION MANAGER

Business Strategy

- Contribute to the development and improvement of the operational framework;

- Maintain ongoing support and innovate improvements;

- Keep up to date with business developments and direction.

People Management and Leadership

- Maintain understanding of people management policies and practices;

- Ensure motivation of staff and alert unit and/or division/company Head where issues arise;

- Contribute to recruitment of vacant posts;

- Undertake performance and development process for direct reports, referring to unit/division/company Head as required;

- Ensure training and development of direct reports through the PDP process;

- Effectively delegate to enable staff empowerment to do their jobs.

Financial Management

- Follow and enforce financial policies and controls;

- Manage all costs within the approved budget.

Risk Management

- Understand and take responsibility for applying risk management strategy, policies and controls.

Stakeholder, Customer and Supplier Management

- Deliver services to satisfy stakeholder and customer needs and add value;

- Develop and maintain relationships with stakeholders, customers and supplier groups.

Delivery and Operations Management

- Take responsibility for applying delivery management strategy, policies and practices.

- Ensure the successful delivery of activities and services to retain customers and monitor the standard of output to maintain quality

- Deliver and support all operational and project activities ensuring that they are undertaken with due regard to corporate standards and methodologies

- Operate within the framework provided for UK Payments strategy

Policy, Regulatory and Lobbying

Represent the Industry

- Represent industry view to external audiences

- Co-ordinate and identify issues across the industry

- Maintain commercial/industry awareness

Meetings and Events

- Organise events and receptions with external stakeholders

- Facilitate meetings with external stakeholders

- Deputise at industry level meetings

- Liaise and consult with internal stakeholders and members

Lobbying Campaigns

- Project manage lobbying campaigns

Administration

- Produce publications

- Write and circulate on regulatory development register

- Obtain professional advice

B
