Cloud Governance Director

Role Title: Cloud Governance Director

Location: Radbroke / Glasgow

What will you be doing

Based in EMEA, US, and APAC Group Technology Infrastructure Services (GTIS) is a global team. GTIS is accountable for delivering and supporting resilient, secure infrastructure technology and services to customers, clients and colleagues. GTIS is structured to be truly service-oriented, strategically positioning ourselves for the ‘new world' of cloud and virtualised based services and agile working, helping it to deliver a vision to ‘Enable platforms for the digital bank'.

We are an equal opportunity employer and we are opposed to discrimination on any grounds. If this position requires the person to be an Approved Person under the Financial Services and Markets Act 2000 (FSMA), disclosure of spent convictions within the meaning set out in the Rehabilitation of Offenders Act 1974 (Exceptions) Order 1975 will be required.

Dynamic working gives everyone at Barclays the opportunity to integrate professional and personal lives, if you have a need for flexibility then please discuss this with the hiring manager.

It is the policy of Barclays to ensure equal employment opportunity without discrimination or harassment on the basis of race, colour, creed, religion, national origin, alienage or citizenship status, age, sex, sexual orientation, gender identity or expression, marital or domestic/civil partnership status, disability, veteran status, genetic information, or any other basis protected by law.

Overall purpose of role

• The role is responsible for leading the global governance of the Bank's adoption of Cloud technologies and to be the global Cloud regulatory engagement lead (including (but not limited to) FED, PRA, FSA, SEC, FINRA, ECB, RBI etc).

• In fulfilling this role, the role holder is accountable for ensuring that the Bank's first line of defence including its governance, control frameworks, policies and standards are effectively implemented, and subject to regular testing to ensure that the design remains fit for purpose and the operational effectiveness is consistent with defined and approved risk appetite.

 

Key Accountabilities

• Direct and oversee the Bank's strategic adoption of Cloud technologies ensuring transition to business as usual is managed in a consistent, controlled and auditable manner, and in full compliance with regulatory requirements

• Work collaboratively across the Bank to ensure the strategic workload placement onto Cloud platforms is controlled and implemented in a way to modernise the Barclays estate and provide an enduring approach to technology refresh and ever greening

• Maintain an effective Cloud control environment through development and management of end-to-end risk assessment and oversight supported by an identified and mapped Cloud Controls Framework, including maintenance of formalised Cloud operating principles

• Work collaboratively across the Bank to ensure strategic solutions for key activities are defined and implemented such as multi-region capability and enterprise data back and restore solutioning

• Define and measure Public Cloud specific KRIs and KCIs to ensure continuous monitoring of the risk and controls effectiveness

• Establish effective governance for Software as a Service (SaaS) offerings working in close collaboration with Cloud Service Providers and internal supplier management teams to ensure supply chain risks introduced by nested outsourcing are identified

• Global Cloud regulatory engagement lead, providing thought leadership on dealing with regulatory meetings and data requests

• Attend meetings with external bodies/regulators and maintain oversight of cloud specific regulatory requests

• Responsible for the identification of regulatory (including Global Data Privacy) and policy risks and issues pertaining to use of Cloud Service Providers, tracking and reporting until closure and effectively escalating to senior management and stakeholders as applicable

• Actively manage the internal engagement model for Cloud with Operational Risk, Internal Audit, Compliance, Controls Assurance and Regulatory engagement teams

Stakeholder Management and Leadership

• Extensive senior leadership experience at Director level

• Extensive experience of leading meetings with external bodies/regulators

• Able to influence senior stakeholders of the merits of a strategic direction, when faced with resistance. Achieving this by being persuasive, reasoned and factual

• Proven ability to inspire people to deliver both through direct lines of management as well as through influence within a matrix organization

• Proven ability to unite and lead geographically and technically disparate teams from both business and technology heritages

• Experience of developing and leading high-performance teams

Decision-making and Problem Solving

• Ability to manage conflicting views from multiple stakeholders and make critical decisions

• Able to work in partnership with customers and stakeholders to find solutions to issues and escalations

Risk and Control Objective

• Take ownership for managing risk and strengthening controls in relation to the work you do

• Provide a best in class Cloud governance, risk and control function across Barclays' use of public cloud to identify, analyse and address public cloud risk (covering multiple themes such as Cyber, Resilience, Technology, Data, Supplier, Legal (Connected Risk)) with regular reporting of these to Cloud Governance fora e.g. Technology Controls Committees (GTCF & THCF) & Cloud Executive Forum (ExFo)

• Ensure that all activities and duties are carried out in full compliance with regulatory requirements, Enterprise-Wide Risk Management Framework, Barclays Controls Framework and internal Barclays Policies and Policy Standards

What we're looking for

• Highly driven, dynamic, action oriented, and resilient, with a passion for excellence and delivery

• Good organization, planning and project management abilities

• Strong collaboration, networking & senior stakeholder management skills and able to negotiate and influence effectively

• Excellent communication and well-developed report writing skills (including strong presentational skills)

o Flexible approach with an ability to deal with rapidly changing strategies and approaches

o Experienced with risk and control environments, industry standards and regulation in relation to technology, cloud, cyber security and resilience

Essential Skills/Basic Qualifications:

• Proven Cloud SME - solid experience of Cloud principles, including identifying, assessing & mitigating risks associated with cloud computing

• Extensive knowledge of the global Cloud regulatory landscape

• Experience in performing technical roles on complex platforms in big businesses, across cloud environments and governance, operational risk, technology risk and control

• Experience of acting within a regulated environment, dealing directly with regulators and satisfying regulatory requirements associated with cloud and technology risk and control

• Hands on experience with modern technologies but also experienced in migrating from legacy technologies

• Strong knowledge of global data privacy and third-party risk management

• Proven ability to lead technical staff in technology, security, supplier, information and data management control strategy

• Experience of working across large global multi-national corporations, multi-cultural environments with different time zones

• Experience of leading regulatory meetings, engagements & inspections •

Skills that will help you in your role

• Desirable skills/Preferred Qualifications:

• Educated to a minimum degree level or equivalent

• Relevant qualification in Cloud, Technology, or related Risk Management qualification (e.g., CCSP, CISSP, CISA, CRISC)

• Ability to analyse, interpret and work robustly with others to identify issues and develop proposed solution

o Ability to understand/clearly articulate challenges facing the business and develop an appropriate solution

o High level of attention to detail, excellent communication skills in English both verbally and in writing