Internal Security Controls Specialist-LON34063
At Schroders, asset management is our only business and our goals are completely aligned with those of our clients - the creation of long-term value to assist them in meeting their future financial requirements. We manage £294.8 billion (€400.0 billion/US$446.5 billion) on behalf of institutional and retail investors, financial institutions and high net worth clients from around the world, invested in a broad range of active strategies across equities, fixed income, multi-asset, alternatives and real estate. We employ over 3,700 talented people worldwide operating from 37 offices in 27 different countries across Europe, the Americas, Asia and the Middle East, close to the markets in which we invest and close to our clients. Schroders has developed under stable ownership for over 200 years and long-term thinking governs our approach to investing, building client relationships and growing our business. *Source: Schroders, all data as at 5th November 2015.
The Internal Security Controls Specialist reports to the Internal Security Control Manager and is a member of the Information Security department. The Information Security department at Schroders are responsible for protecting the confidentiality, integrity and availability of the Groups information. This is done by identifying, protecting, detecting, responding and recovering from events that may put the Group at risk.
The Internal Security Controls team is responsible for operating and improving those controls that affect how employees can and should behave inside the office, when working remotely and when outside of our computer systems.
Overview of role
As part of the Internal Security Controls team this role will perform the following range of responsibilities on a global basis:
Data Loss Prevention
Become a subject matter expert in the configuration and operation of all data loss prevention technology within the Group. These include but are not limited to:
Internet upload monitoring
End point protection of data
File level monitoring for access to high risk data
Ensure we implement and operate appropriate controls to detect and/or prevent the leakage of critical company data to the internet.
Work together with business information owners to identify the data that warrants protection and employ controls to achieve the desired level of defence.
Access Control and Privileged Access
Become a subject matter expert in all role and rule based access control systems and processes within the Group.
Utilise access control framework software and privileged access tools to broaden depth and scope of organisations access controls.
In collaboration with IT Production management agree and manage IT privileged access to defined standards.
Security awareness for staff for internal and external methods of working
Together with specialist 3rd party providers ensure information security training and awareness campaigns are effective in educating staff and protecting the Group.
Protection of high risk assets such as employee personal data, client data and high availability unstructured data such as UDTs
Measurement of effectiveness
Identify and implement appropriate measures to determine the effectiveness of the defences and controls operated by the Internal Security Control team and of those factors that may influence strategy.
In addition to the above work with the Internal Security Controls Manager to identify and implement new controls, technologies and processes to protect, detect and respond to anomalous behaviour.
Maintain knowledge of advances in the fields of access control, data loss prevention, security awareness and related topics in the Information Security industry
Self driven to innovate and outperform expectations.
The ability to influence and drive change in a collaborative way within the Information Security department, Global Technology and wider Group.
Demonstrate strong analytical skills with the capability to assess the information provided, and provide clear and appropriate direction based on this.
Excellent communication and reporting skills, including the ability to simplify complex technical information into clear executable business intelligence.
Knowledge of current technological trends and developments in the area of information security and risk.