Our Client is one of the leading investment banks in the world, and for their growing professional team we are looking for an Information Security Officer.
Information Security Officer
- Communicates and interacts regularly with employees and business management on IS related programs, policies, and standards.
- Communicates with the GISO and business managers; escalates as appropriate.
- Provides general IS consulting services including interpretation and/or clarification.
- Exercises oversight to the IS program within the business, including programs, policies, and related reporting.
- Helps security incident response teams resolve and close the investigation of incidents with proactive suggestions.
- Assists in the definition and implementation of IS standards at the business level to ensure that procedures and practices comply with our Client's standards.
- Participates in the IS community on committees and cross-business / functional opportunities.
- Enforces compliance; demonstrates extensive understanding of IS standards and best practices across multiple disciplines.
- Reviews status of business IS program and oversees corrective action when necessary.
- Develops corrective action language for all IS-related gaps and approves all closures by reviewing evidence to ensure the closure meets our Partner's requirements or industry best practices.
- Collaborates to create Risk Exceptions (REs) and Corrective Action Plans (CAPs) in the appropriate tools (iCAPs, CIRAS, etc.).
- Ensures that approvals and reviews are executed when needed.
- Performs IS awareness and training activities, including IS education of new employees. Ensures IS awareness materials are distributed per CISS requirements. Monitors / tracks IS training per CISS requirements.
- Ensures IS Risk Assessment is performed according to our Client's standards by partnering with the businesses throughout the ISRA process and determines the impact of control deficiencies.
- Provides RISO with program management support for the production of monthly IS metrics
- SIRT analysis and follow up
- Regional IS Awareness
- Information Security Risk Exception management
- Annual GLBA attestation process
- Prepares periodic IS reports for senior management summarizing the risk posture for the business.
- Interprets and translates the information security requirements of the business IS program into technical requirements.
- Provides guidance preparing for audits, resolving audit findings and ensuring closure
- Completes any other tasks connected with the role but not detailed in the current job description, as assigned by the direct manager, supervisor, or the functional head.
Knowledge and Experience
- 3+ years' experience in IS or other Risk Management activities and at least 2 IS programs including, but not limited to, Audit Reviews, IS Risk Assessment, Awareness & Training, Identity Access & Management, Data Protection, Incident Management, Vulnerability Assessment. Knowledge of key government regulations and local laws.
- Has a business or technical background or combination of both.
- An awareness of the fundamentals of information security.
- Good understanding of IS policies, standards and procedures.
- Project management experience.
- Understanding of the IS risks that are inherent to a business.
- Working knowledge of the technology aspects of security.
- Fluent in English
- Verbal and written communications skills.
- BSc degree in Information Security / Computer Science / Electrical, Mechanical Engineering / Information Technology. An advanced degree in a relevant business area will be considered a positive.
- At least one industry-related certification such as Certified Information Security Manager (CISM), Certified Information Security Auditor (CISA), or Certified Information Systems Security Professional (CISSP) is highly desired
- Good organisational and administrative skills
- Ability to work as part of the team
- Precise, accurate worker
- Takes ownership and shows proactive attitude
- Able to communicate effectively with seniors
- Long-term career path across geographies and business lines.
- Work on strategic projects with high exposure and management visibility.
- Flexible work arrangements.
- Competitive compensation package.
- Friendly work atmosphere.