Euroclear
Job title:
Third Party IT Security & Risk Analyst
Company:
Euroclear
Job description
Job Description: Third Party Security Manager, Band 5
Division: CISO
IT and Cyber Risk Team
Aligning with the overall corporate mission of being a ‘trusted Financial Market Infrastructure’, the ‘IT and Cyber Risk’ team within CISO Division provides several services that aim to:
- Ensure ‘end-to-end’ management of risks by identifying IT, information security or cyber risks or deficiencies
- Ensure root cause issues and risks are structurally remediated through sustainable controls, and ensure reduced risk exposure through increased control maturity
- Ensure risk exposure is in line with the risk appetite of the firm
- Ensure regulatory compliance is evidenced
- Ensure accountability, ownership and risk culture are embedded within the first line
Within the context of the overall Enterprise Risk Management (ERM) framework, the IT and Cyber Risk team provides a strong control environment based on internationally recognized controls that allows all IT, information security and cyber risks to be continually identified, assessed, monitored, and mitigated (or accepted).
Role Description – IT Security Manager
The role will be responsible for execution of risk-based IT Security controls for Third Parties.
Key responsibilities:
Third-Party Assurance Lifecycle:
- Maintain Third Party Register, ensure quality checks are performed
- Third Party Security Controls management
- Facilitation of remediation activities
- Recertification scoping
Continuous Improvements
- Participate in and support the delivery of regulatory-driven change, i.e. DORA
- Identify, design and implement process improvements
- Lead demand capacity management
- Deliver training and coaching sessions for the team
- Taking initiatives to document and communicate intensively to further increase Third Party Security, knowledge and expertise
Core Skills
- Knowledge of the customer, third-party and connectivity ecosystems
- Previous experience in Third Party Security Management (i.e. Due Diligence)
- Knowledge of security risk management
- Knowledge of control frameworks, e.g., ISO 27000, NIST, CIS-18, COBIT-5
- Knowledge of relevant regulations, i.e. DORA, Outsourcing, ESMA, etc.
- Knowledge of logging, monitoring and alerting is an advantage
- Knowledge of similar ecosystem frameworks, e.g., SWIFT CSP is an advantage
- Knowledge of financial markets, FMIs and CSD operations is an advantage
- Experience with supplier and supply chain due diligence framework, procedures, data gathering risk and control assessment.
- Experience with contract review of information security schedules and terms
- Experience with ServiceNow GRC is an advantage
- IT Security Certification such as CISSP, CSSLP, CCSP, CISM, CISMP, GCIH, CEH, etc. is an advantage.
Soft Skills
- Leadership. Be an inspiring and engaging leader by providing strategy and direction to team members, by showing business acumen, by possessing self-reflection and by being results-driven
- Interpersonal. Be self-motivated and proactive, have strong, innovative and creative problem-solving skills, be open and welcoming to change, work comfortably in a constantly evolving environment and have an ability to remain calm under pressure and in the face of uncertainty.
- Collaborative. Work comfortably with business executives and stakeholders, within group settings or with team-members
- Change. Ability to handle multiple projects against tight deadlines whilst being instrumental in delivering cultural change throughout the organisation
- Experience with managing regulatory compliance issues as well as providing best practices in security
- Strong organisation, prioritisation management, coordination, reporting and communication
Expected salary
Location
Belgique
Job date
Thu, 05 Dec 2024 07:44:27 GMT