• Establish controls framework for governing information security assessment processes in the company.
• Operate and continuously monitor this framework, look for areas for improvement and lead initiatives for optimizing it. 
• Ensure security assessment criteria are consistent and map standards correctly.
• Liaise with owners of information security standards to stay on top of changes; provide standard owners feedback and partner with them to align standards with practice.
• Liaise with cyber security architects and regulatory and compliance teams, translate their input into security assessment processes.
• Support businesses in case of any regulatory non-compliance.
• Identify and publish best practices practices for security assessment criteria; partner with engineering and development teams to educate them and to gather feedback.
• Ensure security assessment processes are documented and are in line with practice.
• Support any audited partners with respect to security assessment, provide security assessments related deliverables, and represent the Security Assessment team on the audit.
• Manage any audits on Security Assessments, in partnership with risk teams. Partner with other teams to ensure audit readiness for the Security Assessment organization.
•  Lead audit preparation efforts related to security assessment processes, identify, investigate
  problematic cases to find a solution, escalate when needed.
• Liaise with auditors on their expectations regarding security assessment processes.

Information Security is a primary area of focus for our clien. The CISO Global Security Assessments organization partners with software development and engineering teams and assesses applications, technology products and cloud services they deliver. This key position will be at the heart of the
Security Assessment process and play a key role in ensuring regulatory compliance and professional quality of the security assessment work, and providing audit support related to security assessments.

• Degree in a related discipline is strongly preferred.
• At least 5 years of experience in similar role, such as information security governance, risk
  management, compliance or audit.
• CISSP, CISM, CISA or CCSP exam, or willingness to pass one of these within one year.
• A broad overview of information security disciplines and governance frameworks (ISO 27001, CobIT, NIST Cybersecurity Framework).
• Security mindset; ability to think the way an attacker would think.
  Ability and willingness to both read and write technical documentation.
• Ability to oversee an IT architecture and assess it in terms of security.
• Ability to learn and understand new technologies and systems.
• Experience in multiple domains of IT or security, such as network security, identity management, key management, cloud security, software development, devsecops, etc.
• Hands-on experience in some areas is a plus.
• Communication – excellent writing and verbal skills, ‘can do’ attitude.

• opportunity to work on the internal security posture for a large financial company and thus shape the industry overall
• exposure to a broad range of investment technology businesses and products
• access to their world-class testing lab with physical hands-on using hundreds of devices in the IT security ecosystem
• competitive compensation package
• access to our client's huge training database and subscription to external online training
• a socially active team and communities with diverse networking opportunities
• flexible work arrangements
• Paid Parental Leave Program
• They offer recognition of your efforts through their compensation package with added benefits:
  o Private Medical Care Program and onsite medical rooms in their buildings
  o Pension Plan Contribution to Voluntary Pension Fund
  o Group Life Insurance