Third Party Information Security Risk Manager

Third Party Information Security Risk Manager – Banking Client – Brussels

Rate: 800 – 900 pd

Duration: 3 months + extension

Hyrbid Working: 3 day onsite per month – the rest you work from home.

IT and Cyber Risk Team

Aligning with the overall corporate mission of being a ‘trusted Financial Market Infrastructure’, the ‘IT and Cyber Risk’ team within CISO Division provides a number of services that aim to:

• Ensure ‘end-to-end’ management of risks by identifying IT, information security or cyber risks or deficiencies
• Ensure root cause issues and risks are structurally remediated through sustainable controls, and ensure reduce risk exposure through increased control maturity
• Ensure risk exposure is in line with the risk appetite of the firm
• Ensure regulatory compliance is evidenced
• Ensure accountability, ownership and risk culture is embed within first line

Role Description – IT Security Manager

The role will be responsible for execution of risk-based IT Security controls for Third Parties. Key responsibilities:

Customer and Third-Party Due Diligence and Re-certification

• Re-certifies customers and third parties through an enhanced due diligence security questionnaire and updated contractual agreements
• Maintains Customer EPSCF (Participant Security Controls Framework) with regular attestation
• Leverages Due Diligence Questionnaire (DDQ) for Third-Party Suppliers (CSPs and SSPs) and Network Service Providers, with regular attestation
• In collaboration with the business, administers consequence management for non-compliant entities
• Ecosystem Security Monitoring and Alerting
• Ensures monitoring, alerting & incident management of external connections, managed by the CDC
• Monitors firewall events, IAM authentication events, IDS/IPS/NBA network intrusion events, malicious content through AV file transfer check and WAF application-level security events
• Creates alerts based on a number of use-cases
• Security monitoring and alerting of customer, third-party and supplier connections in collaboration with Cyber Defence Centre (CDC)

Qualifications

Core Skills

• Knowledge of the customer, third-party and connectivity ecosystems
• Knowledge of security risk management
• Knowledge of control frameworks, e.g., ISO 27000, NIST, CIS-18, COBIT-5
• Knowledge of logging, monitoring and alerting is an advantage
• Knowledge of similar ecosystem frameworks, e.g., SWIFT CSP is an advantage
• Knowledge of financial markets, FMIs and CSD operations is an advantage
• Experience with supplier and supply chain due diligence framework, procedures, data gathering risk and control assessment.
• Experience with contract review of information security schedules and terms
• Knowledge of logging, monitoring and alerting is an advantage
• Experience with ServiceNow GRC is an advantage
• IT Security Certification such as CISSP, CSSLP, CCSP, CISM, CISMP, GCIH, CEH, etc. is an advantage.

Soft Skills

• Leadership. Be an inspiring and engaging leader by providing strategy and direction to team members, by showing business acumen, by possessing self-reflection and by being results-driven
• Interpersonal. Be self-motivated and proactive, have strong, innovative and creative problem-solving skills, be open and welcoming to change, work comfortably in a constantly evolving environment and have an ability to remain calm under pressure and in the face of uncertainty.
• Collaborative. Work comfortably with business executives and stakeholders, within group settings or with team-members
• Change. Ability to handle multiple projects against tight deadlines whilst being instrumental in delivering cultural change throughout the organisation

Please do send a CV to eobiechefu@welovesalt.com