Data Breach Incident Response Manager
A bank with a soul
We are a global bank which is big enough to be relevant to the world's most sophisticated corporations but small enough to be local, nimble and innovate. We tap into our DNA as a global trade bank, committing to the dynamic markets where we have operated for over 150 years. We link these markets with each other, as well as to Europe and the Americas, to help our corporate and institutional clients manage their global investing and financing needs.
In addition, we use our deep knowledge in local markets to help our customers and clients grow, invest and protect their wealth.
Our unrivalled network and unique culture make this organisation special and creates opportunities for unparalleled career and development experiences. The success of the Bank hinges on how we harness our unique strengths, create an inclusive and flexible environment, and where our people feel empowered to use the freedom and accountability that we give them to go above and beyond for our customers
We believe that every one of our colleagues plays a tangible role in delivering our purpose and we all feel strongly about living our valued behaviours and our brand promise - Here for good. The Data Management & Privacy Operations Function
The "Data Management and Privacy Operations" team is part of a newly formed '1st line' centre of excellence under Group COO - Trust, Data & Automation. The role will support the businesses and functions & 2nd line compliance, through the provision of effective service delivery model to drive operational excellence (including effective project and change management) in respect of data management, data privacy & records management capabilities. The role will work internally with Head -ICS & Risk assurance teams, business & functions partners & 2nd line compliance colleagues to design, implement & operationalise capabilities for Data Management, Privacy & Records Management. The role will ensure that these capabilities are operating effectively in BAU to achieve and manage the respective business objective in this area. The role will also provide timely feedback / data to all stakeholders to meet any key regulatory obligations and key business priorities.
SCB is searching for a strong privacy professional preferably with demonstrated experience handling data breaches and basic working knowledge of IT Security Risk Management principles.
This is a subject matter expert role in the data breach operations team, responsible for the effective handling of all suspected data breaches involving both personal and non-personal data.
The position reports directly to the Head, Data & Privacy Operations team. Key Responsibilities
· Run the Data Breach Response Plan and lead an appropriate response in the event of a security incident or data breach.
· Manage, drive and report on incident trends both internal and external in order to identify potential issues (systemic or otherwise) requiring corrective actions
· Build and sustain partnership with security stakeholders to maintain a collaborative environment
· Provide mentorship and technical guidance to less experienced data breach responders and staff within Businesses and Functions handling suspected data breached.
· Provide support or guidance to the Awareness Team with improving or developing SCB's Security Training material as it relates to user awareness on data privacy and banking secrecy.
· Enable information security awareness by incorporating lessons learned into current information security requirements
· Establish procedures for reporting and receiving information regarding incidents. This will include establishing a hotline for reporting, tracking, and coordinating incident data, and maintaining a database of incidents to analyze and assess incident types and volumes.
· Monitor the resolution of all incidents and prescribe corrective actions pursuant to incident containment and recovery.
· Provide the organizational community guidance and technical assistance to manage notification requirements.
· Assist in the development of policy and guidance for the incident response team and technical support and system teams.
· Participate as a subject matter expert in incident response meetings with key stakeholders and executive bank staff.
· Provide thought leader-level knowledge with, and/or a proven record of success directing efforts in incident handling processes
· Responsible for responding to data breach events, coordinating breach response operations with the other participating operational teams, and advising businesses and functions on breach response best practices.
· Responsible for managing and tracking suspected and actual breaches from start to finish. They are also responsible for understanding and implementing breach response best practices.
· First point of contact for reporting of suspected and actual data breach
· Create operational plans and reports for business and functions in respect of data breach management,
· Build strong cross-functional relationships with other teams at SCB to support the expansion of breach response program, consistent and unified communications with stakeholders, and an overall outstanding data breach response.
· Prepare breach response processes to address various breach scenarios
· Advise internal business partners on security best practices and breach mitigation strategies
· Actively participate within SCB Crisis Response Community Participate in seeking out other opportunities to build unified processes across all Incident Management/Crisis Response sub-domains Skills
· Knowledge of incident response processes and management reporting
· Strong attention to detail and the ability to conduct root cause analysis
· Experience responding to the business and/or regulatory environment by proactively recommending changes to policies and procedures
· Ability to handle multiple projects and reprioritize at a moment's notice
· Possess excellent written and oral communication skills
· Excellent stakeholder and relationship management with the ability to build strong relationships in order to leverage resources outside of direct control to achieve goals
· Foster an agile, high-performance, collaborative culture which is creative, open, supportive and dynamic with high levels of continuous improvement mind-set. Operational Excellence & Quality
· Ability to establishing and maintaining strong relationships with technical and non-technical stakeholders. Qualifications (Demonstrated Competence):
· Demonstrated experience in Data Breach Response, or Incident Response
· Must have knowledge and hands-on experience on breach notification and privacy laws around data breach scenarios.
· Demonstrated experience handling and investigating sensitive matters requiring investigation.
· Demonstrated experience designing and implementation data breach processes and capability, or other investigation processes.
· Proven ability to build relationships with and understand the business needs of customers and deliver demonstrable value
· Proven ability to build strong working relationships with colleagues and partner organizations
· Demonstrated expertise in both privacy risk management and IT Security Risk Management is preferred for this position.