Third Party Information Security Risk Manager – Banking Client – Brussels
Rate: 800 – 900 pd
Duration: 3 months + extension
Hybrid Working: 3 days onsite per month – the rest you work from home.
IT and Cyber Risk Team
Aligning with the overall corporate mission of being a ‘trusted Financial Market Infrastructure’, the ‘IT and Cyber Risk’ team within CISO Division provides a number of services that aim to:
Ensure ‘end-to-end’ management of risks by identifying IT, information security or cyber risks or deficiencies
Ensure root cause issues and risks are structurally remediated through sustainable controls, and reduce risk exposure through increased control maturity
Ensure risk exposure is in line with the risk appetite of the firm
Ensure regulatory compliance is evidenced
Ensure accountability, ownership and risk culture are embedded within the first line
Role Description – IT Security Manager
The role will be responsible for execution of risk-based IT Security controls for Third Parties. Key responsibilities:
Customer and Third-Party Due Diligence and Re-certification
Re-certifies customers and third parties through an enhanced due diligence security questionnaire and updated contractual agreements
Maintains Customer EPSCF (Participant Security Controls Framework) with regular attestation
Leverages Due Diligence Questionnaire (DDQ) for Third-Party Suppliers (CSPs and SSPs) and Network Service Providers, with regular attestation
In collaboration with the business, administers consequence management for non-compliant entities
Ecosystem Security Monitoring and Alerting
Ensures monitoring, alerting & incident management of external connections, managed by the CDC
Monitors firewall events, IAM authentication events, IDS/IPS/NBA network intrusion events, malicious content detected by AV checks on file transfers, and WAF application-level security events
Creates alerts based on a number of use-cases
Security monitoring and alerting of customer, third-party and supplier connections in collaboration with the Cyber Defence Centre (CDC)
Qualifications
Core Skills
Knowledge of the customer, third-party and connectivity ecosystems
Knowledge of security risk management
Knowledge of control frameworks, e.g., ISO 27000, NIST, CIS-18, COBIT-5
Knowledge of logging, monitoring and alerting is an advantage
Knowledge of similar ecosystem frameworks, e.g., SWIFT CSP is an advantage
Knowledge of financial markets, FMIs and CSD operations is an advantage
Experience with supplier and supply-chain due diligence frameworks and procedures, data gathering, and risk and control assessment
Experience with contract review of information security schedules and terms
Experience with ServiceNow GRC is an advantage
IT Security Certification such as CISSP, CSSLP, CCSP, CISM, CISMP, GCIH, CEH, etc. is an advantage.
Soft Skills
Leadership. Be an inspiring and engaging leader by providing strategy and direction to team members, by showing business acumen, by being self-reflective and by being results-driven
Interpersonal. Be self-motivated and proactive, have strong, innovative and creative problem-solving skills, be open and welcoming to change, work comfortably in a constantly evolving environment and have an ability to remain calm under pressure and in the face of uncertainty.
Collaborative. Work comfortably with business executives and stakeholders, within group settings or with team-members
Change. Ability to handle multiple projects against tight deadlines whilst being instrumental in delivering cultural change throughout the organisation