Division: Chief Information Security Office (CISO)
Third Party Security Manager
Division: CISO
IT and Cyber Risk Team
Aligning with the overall corporate mission of being a 'trusted Financial Market Infrastructure', the 'IT and Cyber Risk' team within CISO Division provides several services that aim to:
1. Ensure ‘end-to-end’ management of risks by identifying IT, information security or cyber risks or deficiencies
2. Ensure root cause issues and risks are structurally remediated through sustainable controls, and ensure reduce risk exposure through increased control maturity
3. Ensure risk exposure is in line with the risk appetite of the firm
4. Ensure regulatory compliance is evidenced
5. Ensure accountability, ownership and risk culture is embed within first line
Within the context of the overall Enterprise Risk Management (ERM) framework, the IT and Cyber Risk team provides a strong control environment based on internationally recognized controls that allows all IT, information security and cyber risks to be continually identified, assessed, monitored, and mitigated (or accepted).
Role Description – IT Security Manager
The role will be responsible for execution of risk-based IT Security controls for Third Parties. Key responsibilities:
Third-Party Assurance Lifecycle
6. Due Diligence - risk profiling, onboarding, re-certification
7. Contract Management - ensuring that the security expectations included in the contract are proportionate to the risk profiling
8. Exit Management - performance of necessary security checks at the end of a contractual agreement with a Third Party
9. Ongoing monitoring - Facilitate and support response to the, alerting and incident of external Third Parties
Continues Improvements
10. Participate and support in delivery of regulatory driven change. DORA
11. Identify, design and implement process improvements
12. Lead demand capacity management
13. Deliver training and coaching sessions for the team
14. Taking initiatives to document and communicate intensively to further increase Third Party Security, knowledge and expertise
Core Skills
15. Knowledge of the customer, third-party and connectivity ecosystems
16. Previous experience in Third Party Security Management is a must (. Due Diligence
17. Knowledge of security risk management
18. Knowledge of control frameworks, ., ISO 27000, NIST, CIS-18, COBIT-5
19. Knowledge of relevant regulations,. DORA, Outsourcing, ESMA, etc.
20. Knowledge of logging, monitoring and alerting is an advantage
21. Knowledge of similar ecosystem frameworks, ., SWIFT CSP is an advantage
22. Knowledge of financial markets, FMIs and CSD operations is an advantage
23. Experience with supplier and supply chain due diligence framework, procedures, data gathering risk and control assessment.
24. Experience with contract review of information security schedules and terms
25. Knowledge of logging, monitoring and alerting is an advantage
26. Experience with ServiceNow GRC is an advantage
27. IT Security Certification such as CISSP, CSSLP, CCSP, CISM, CISMP, GCIH, CEH, etc. is an advantage.
Soft Skills
28. Leadership. Be an inspiring and engaging leader by providing strategy and direction to team members, by showing business acumen, by possessing self-reflection and by being results-driven
29. Interpersonal. Be self-motivated and proactive, have strong, innovative and creative problem-solving skills, be open and welcoming to change, work comfortably in a constantly evolving environment and have an ability to remain calm under pressure and in the face of uncertainty.
30. Collaborative. Work comfortably with business executives and stakeholders, within group settings or with team-members
#LI-NS1