IT and Cyber Risk Management professional

Job Description

Function description

you execute IT and security risk assessments in IT and business contexts (applications, business solutions, 3rd-parties organization , processes…).

• you execute information security and IT control plans on third parties to ensure that they are performing according to signed contracts.

• you coordinate and perform IT and security audits on third parties .

• you create one-pagers and synthetic risk reports for a management audience

• you set up processes and procedures for an end to end IT and security management for third-parties .

• you deliver consulting on IT and Cyber risk management to internal customers (IT and Business) :

• Proposition or validation of measures to mitigate risks.

• Creation of detailed or synthetic risk report.

• Support in increasing risk control maturity by providing a valuable follow up and reporting.

• you manage customer relationship and are the Single Point Of Contact for the risk management services you delivered.

• you contribute to definition and improvement of risk management methods and tools on the third-party management area .

• you contribute to writing processes and procedures supporting risk management activities outlined above, for both an expert and non-expert audience. Experience on linking different ISMS processes is a must.

• you are knowledgeable on CIAT topic and able to adapt to the way this is applied in the bank for third-party suppliers.

• you review IT and security contractual clauses for suppliers servicing bank activities.

Education

Bachelor/Master or equivalent by experience

Required Experience

• Professional experience in information security (5+ years)
• Experience in process design and Business analysis
• Experience in Third-party IT and security assessments
• Experience in risk management
• Experience in delivering presentations and training

Technical Experience

Mandatory

• Significant experience in operational/security risks management.
• Significant experience in working with cloud services (SaaS, HSP, AWS)
• Strong MS Office Skills (Excel, word, Powerpoint)
• Knowledge of software development security best practices
• Experience in release management, change management, incident management, testing.

Preferable

• Security certifications like CISSP, CISM, CIPP, CCSK.
• Experience with RSA Archer and/or ServiceNow GRC.
• Experience in vulnerability management and penetration testing
• Knowledge of control frameworks and audit methodologies.

Business Experience

Mandatory

• Knowledge of Information Security and Risk Management frameworks (ISO27001, SOC, NIST, OWASP, etc.)
• Professional experience in information security (5+ years), particularly in cloud based solutions
• Strong IT background.
• Professional experience in Financial Services. used to work in large companies .
• Experience in reviewing and amending IT and Cyber Third-party clauses in contracts

Preferable

• Experience in banking environment.

Soft Skills

• High performer
• Autonomy , commitment, and perseverance in personal organization.
• Quick self-starter, pro-active attitude, team player .
• Results-oriented, responsible for his/her tasks, resourceful.
• Excellent English writing skills .
• Good communication and influencing skills.
• Good analytical and synthesis skills, ability to produce structured and concise documents, be precise and methodological .
• Ability to work in a dynamic and multi-cultural environment.
• Accurate & control minded, but flexible.
• Ability to capture and adapt to stakeholder expectations while respecting processes in place.
• Ability to mentor/coach people.