Job Description
Function description
* you execute IT and security risk assessments in IT and business contexts (applications, business solutions, third-party organizations, processes…).
* you execute information security and IT control plans on third parties to ensure that they are performing according to signed contracts.
* you coordinate and perform IT and security audits on third parties.
* you create one-pagers and synthetic risk reports for a management audience.
* you set up processes and procedures for end-to-end IT and security management of third parties.
* you deliver consulting on IT and Cyber risk management to internal customers (IT and Business):
  * Proposition or validation of measures to mitigate risks.
  * Creation of detailed or synthetic risk report.
  * Support in increasing risk control maturity by providing a valuable follow up and reporting.
* you manage the customer relationship and are the Single Point Of Contact for the risk management services you deliver.
* you contribute to the definition and improvement of risk management methods and tools in the third-party management area.
* you contribute to writing processes and procedures supporting risk management activities outlined above, for both an expert and non-expert audience. Experience in linking different ISMS processes is a must.
* you are knowledgeable on the CIAT topic and able to adapt to the way this is applied in the bank for third-party suppliers.
* you review IT and security contractual clauses for suppliers servicing bank activities.
Education
Bachelor/Master or equivalent by experience
Required Experience
* Professional experience in information security (5+ years)
* Experience in process design and Business analysis
* Experience in Third-party IT and security assessments
* Experience in risk management
* Experience in delivering presentations and training
Technical Experience
Mandatory
* Significant experience in operational/security risks management.
* Significant experience in working with cloud services (SaaS, HSP, AWS)
* Strong MS Office skills (Excel, Word, PowerPoint)
* Knowledge of software development security best practices
* Experience in release management, change management, incident management, testing.
Preferable
* Security certifications like CISSP, CISM, CIPP, CCSK.
* Experience with RSA Archer and/or ServiceNow GRC.
* Experience in vulnerability management and penetration testing
* Knowledge of control frameworks and audit methodologies.
Business Experience
Mandatory
* Knowledge of Information Security and Risk Management frameworks (ISO27001, SOC, NIST, OWASP, etc.)
* Professional experience in information security (5+ years), particularly in cloud based solutions
* Strong IT background.
* Professional experience in Financial Services. Used to working in large companies.
* Experience in reviewing and amending IT and Cyber Third-party clauses in contracts
Preferable
* Experience in banking environment.
Soft Skills
* High performer
* Autonomy, commitment, and perseverance in personal organization.
* Quick self-starter, pro-active attitude, team player.
* Results-oriented, responsible for his/her tasks, resourceful.
* Excellent English writing skills.
* Good communication and influencing skills.
* Good analytical and synthesis skills, ability to produce structured and concise documents, be precise and methodological.
* Ability to work in a dynamic and multi-cultural environment.
* Accurate and control-minded, but flexible.
* Ability to capture and adapt to stakeholder expectations while respecting processes in place.
* Ability to mentor/coach people.