Cloud Security Audit AVP

Barclays Internal Audit is seeking a **Cloud Security Audit Assistant Vice President (AVP)** to join their dynamic team. This is an exceptional opportunity for a seasoned professional to contribute to the critical function of providing independent and reliable cyber security audit assurance to executive management and the Board. You will play a pivotal role in shaping the governance, risk management, and control effectiveness within Barclays' evolving technological landscape.

This role offers a chance to be at the forefront of cloud security auditing, ensuring robust controls and mitigating emerging risks in a rapidly changing environment. You will collaborate extensively with cross-functional teams, bringing your expertise to bear on audit planning, execution, risk assessment, control evaluation, and issue resolution. The delivery of high-quality audit observations and the development of actionable recommendations to enhance business processes will be central to your success.

Key Advantages for Candidates:

• Strategic Impact: Influence the cyber security posture of a leading financial institution, contributing directly to the safeguarding of critical assets and client trust.
• Cutting-Edge Technology Exposure: Gain deep, hands-on experience with major cloud platforms (AWS, Azure) and modern technologies like Kubernetes and Docker.
• Career Advancement: This AVP role offers significant opportunities for professional growth, leadership development, and the chance to build a specialized career in a high-demand field.
• Collaborative Environment: Work alongside experienced professionals and diverse teams, fostering a culture of continuous learning and knowledge sharing.
• Influence and Innovation: Contribute to policy development and identify innovative ways to mitigate risk, directly impacting the bank's control and governance agenda.
• Global Reach: The opportunity to operate within a global financial services organization, providing insights into international best practices and regulatory landscapes.

Key Considerations for Aspiring Candidates:

To thrive in this role, candidates should possess a strong foundation in the following areas:

• Risk and Control Expertise: Demonstrated experience in risk and control assessment, specifically within Cyber Security, with a proven track record of driving assurance through testing.
• Cloud Security Mastery: In-depth knowledge of major cloud platforms (AWS, Azure), including common misconfigurations, vulnerabilities in serverless functions, container security (Kubernetes/Docker), and cloud storage security.
• Assurance Testing Proficiency: Experience in designing and executing assurance testing for cloud environments across a range of security domains, such as data security, configuration management, network security, incident response, vulnerability management, and identity & access management.
• Technical Breadth: A solid understanding of IT architecture and diverse technology environments, encompassing both traditional on-premise and modern cloud/hybrid infrastructures.
• Forward-Thinking Approach: Familiarity with emerging technologies, cyber security threats, and cyber resilience risks is crucial for proactive risk management.
• Professional Qualifications: Relevant certifications such as CISA, CISM, CISSP, or a related graduate degree are highly valued.
• Regulatory Acumen: A practical understanding of the relevant financial services regulatory environment.
• Framework Knowledge: Working knowledge of established cyber security frameworks and standards (e.g., NIST, CIS, ISO).

Additionally, candidates with the following skills will be particularly well-positioned:

• Financial Services Acumen: Prior experience or a strong understanding of the financial services industry.
• Threat Intelligence: Familiarity with concepts like the Cyber Kill Chain, MITRE ATT&CK framework, and threat modeling.
• Project & Programme Delivery: Experience or exposure to auditing major programmes and projects, including Agile, Waterfall, and SDLC methodologies.
• Data Analytics: Practical experience with data analysis tools (e.g., SQL, Python) to support audit and control work.

Assessments for this role will focus on critical skills including risk and controls, change and transformation, business acumen, strategic thinking, and digital and technology expertise, alongside job-specific technical proficiencies.

This role offers the flexibility to be based in either London or Knutsford.

Barclays is committed to fostering a culture where all colleagues embody the Barclays Values of Respect, Integrity, Service, Excellence, and Stewardship. You will also be expected to demonstrate the Barclays Mindset: Empower, Challenge, and Drive.