Third-Party Security & Business Continuity Advisor

Third-Party Security & Business Continuity Advisor – Banking Client – Brussels

Rate: €700 per day

Duration: 1 year contract.

• As systemically-important global financial market infrastructure, the protection of information and assets is fundamental to the company’s business and services it offers its clients. Security is at the core of our services, firmly embedded in the management systems and processes of the company.
• You will be joining our CISO Division in charge of putting in place the required controls to adequately and effectively protect our information assets.
• The recent spate of cyber-attacks on some of the world’s largest organisations has highlighted the requirement for a strong information and security function. Security threats to are a Board-level agenda item as they have the capacity to disrupt the entire European post-trade process.

Team

• The objective of Group Third-Party Security team is to ensure that the security and business continuity measures implemented by third-parties are aligned with the company’s risk appetite in order to minimize cybersecurity risks throughout the relationship with third-party.
• To realize its objective, the team collaborates across the organisation, with other CISO division teams, Procurement, business teams (e.g. Network Management & Commercial) and functions such as IT, Risk Management and Compliance.

Role

Within the Group Third-Party Security team, your mission is to ensure that the Information Security and Business Continuity measures implemented by third-parties are aligned with the company’s risk appetite and to minimize cybersecurity risks throughout the relationship with Third Party.

Your key responsibilities are the following :

• Contribute to maintain/update the Third-party Security framework and perform the strategic reporting
• Contribute to maintain/update 3P security policies, implementing procedures, operational procedures, guidelines
• Contribute to maintain/update the third-party security requirements, as part of the contractual framework
• Contribute to maintain/update 3P Security internal controls to ensure that Information Security & Business Continuity aspects are managed alongside Third Party lifecycle
• Report on 3P security activity to Group Security management.
• Control & Continuous Improvement on the Third-party Security framework.

• Represent Group Security in the Third party selection & contract management process:
• Support business owners in the inherent and residual security risk assessment (tailored to the risk profile).
• Perform the relevant assessment to evaluate provider residual security risk.
• Manage the “residual” risks in line with the risk management framework and coordinate the implementation of remediation action plan
• Advise the Business owners on contract elaboration (integration of Information Security clauses in the contract).

• Collaborate to the periodic third-party information security risk recertification
• On a daily basis, monitor the third-party security risks
• Follow the cybertheat alerts as a facilitator with the incident management teams
• Prevent the incident from occurring in the future
• Perform ad-hoc on-site audit on critical providers
• Ensure that the service/contract termination controls have been performed

Technical & Functional skills

• Education: Bachelor/Master’s degree (Computer Science, Information Security or Business Science).
• At least 3-years’ experience as a security officer with proven experience in the following domains:
• Implementation or day-to-day management of the Third Party security topic
• Implementation or day-to-day management of Information Security governance
• Broad knowledge of Information Security & IT security is mandatory. Relevant Information security certifications (ie. ISO 27000 lead implementer, CISM, CISSP…) and/or governance certifications (Cobit, ITIL) is preferable.
• Knowledge and/or experience of financial services
• Languages: English (Fluent), Being fluent in French and/or Dutch is a plus.

Soft skills

• You like working with different people and have strong oral and written communication skills.
• You have good stake-holder management skills and you are able to communicate at various seniority levels including Senior Management and technical experts.
• You are accurate, timely and able to organise yourself independently. You have strong attention to details.
• You like to work in team, to coordinate and you can adapt your approach depending on your counterpart
• You have excellent analytical and synthesis skills.
• You are able to translate complex topics in a clear, comprehensive communication to broad audience.

Please do send across to me the most up to date copy of your CV to eobiechefu@welovesalt.com