Security Risk & Control Senior Advisor – Banking Client

Security Risk & Control Senior Advisor – Banking Client – CIS Top 20, CISSP and CISA or CISM, ServiceNow

Duration: 7months + extension

Rate: 600 – 800 p/d

Hybrid Working – 3-4 days onsite in a month, the rest can be worked remotely.

My client is a global critical financial market infrastructure company.

Strong IT Risk Management and Security are at the core of the company’s services, firmly embedded in their management systems and processes.

The Regulatory Watch, Policies and Controls team is part of the Cyber Information Security Office Division and is in charge of driving the definition and implementation of the policy and control framework addressing the key IT and Security risks and ensuring compliance to all regulations and external requirements applicable to the Technology organization of the group.

The team’s primary location is the Brussels headquarters office.

Role

This role is focusing on the security control framework, covering all key security domains, processes and disciplines aiming to protect data and IT assets across the infrastructure and applications. Past experience and knowledge in both security governance and in concrete on-the-field security implementations and/or operations is required to re-enforce the capacity, knowledge and skills mix in the team.

The Clients security control framework is based on the CIS Top 20 industry standard and is being implemented in the ServiceNow GRC platform.

You will take an active role both in the controls design and implementation (change) and in managing the control framework as it is gradually moved to live operation for continuous monitoring/evidencing and continuous improvement (run).

You will contribute to design, co-create and roll out effective controls addressing key risks and regulatory requirements across all security domains, advising and challenging control owners and performers on the way they will need to embed and evidence the controls.

By promoting and implementing controls you will help to improve the risk culture and control maturity in IT. You will work closely with security process owners, line management across IT divisions and locations, as well as second and third lines of defence (Risk Management and Internal Audit).

You have a strong risk mind-set, are a good relationship builder and want to play a critical role in the IT and Security Risk transformation and change roadmap. Proficient (oral and written) communication as well as influencing are part of your main skills.

Qualifications, professional skills and experience

• University Master’s degree or equivalent experience (education in computer science, engineering or cybersecurity is a plus)
• 5+ years field experience in the security risk and control environment (rather in controls implementation than in auditing or assurance testing), preferably in large/enterprise multi-platform-based IT environments
• Process-minded and good knowledge of the key principles of the standard frameworks such as CIS Top 20 is a strong asset
• Combination of CISSP and CISA or CISM certifications is a key advantage
• A good understanding and experience with ServiceNow GRC (or other GRC solutions) is an asset
• Fluent knowledge of English (verbal, writing, presentation). French and/or Dutch is a plus

Soft skills

• You have a strong risk mind-set: you aspire to a culture of excellence
• You have strong leadership and communication skills, whether on the field, in the team or with management: you are a keen team player and coordinate work amongst people from different areas or divisions. A good relationship builder with strong diplomacy skills
• You are a highly motivated self-starter and quick learner, and you can work proactively in a challenging environment with conflicting or competing priorities
• You are analytical and risk oriented. You know how to break down complex risk situations into manageable pieces and to address logical links and dependencies. You can distinguish essential information and summarise it accordingly. You see how information is linked and you recognise common patterns in elements that seem unrelated at first
• You examine matters from a distance and put them in a broader context and time perspective (vision)
• You express well-founded opinions and positions and understand their consequences (judgement)
• Critical mindset and ability to challenge and influence management and IT experts. You obtain approval of others with good arguments, appropriate influencing methods and personal authority (persuasion), constructively challenging and negotiating at all levels

Please do share an up to date CV to eobiechefu@welovesalt.com or call me on 0207 928 2525