Information Security Officer recruitment

Responsibilities

Information Security Governance

• Chair the Risk Committee, comprised of senior IT, Business and other Corporate Management.
• Define information security program roadmap consistent with corporate and objectives and strategic plan.
• Obtain senior management commitment and support for information security throughout the company.
• Ensure that definitions of roles and responsibilities throughout the company include information security governance activities.
• Identify current and potential legal and regulatory issues affecting information security and assess their impact on the company.
• Develop security polices, standards and procedures that provide adequate business protection without interfering with core business requirements.
• Develop business case and value analysis that support information security program investments.
• Establish metrics to manage the information security governance framework.
• Develop and deliver training activities that can influence culture and behavior of staff.
• Act as the organization’s representative with respect to inquiries from customers, partners, and regulators regarding the organizations security posture.
• Develop and maintain security awareness training programs for employees.

Risk Management

• Develop and maintain a systematic management process, risk assessment and business impact analysis methodology to be used as a standard process to identify risks to achieving business objectives, corporate assets and brand image, and define strategies to mitigate risk acceptable level.
• Ensure that risk identification, analysis and mitigation activities are integrated into life cycle processes.
• Report significant changes in risk to management on both a periodic and event-driven basis.
• Promote accountability by business process owners and other stakeholders in managing information security risks.

Compliance

• Develop audit processes to test and monitor compliance with information security policies standards and procedures.
• Develop SSAE16 SOC1 and SOC2 control framework and audit processes to monitor SSAE16 compliance.
• Manage relationship with 3rd part audit firm. Manage annual SSAE16 audits.
• Ensure that internal and external resources required to implement information security program are identified, and adequately trained to perform their assigned duties.
• Ensure that services provided by other companies, including outsourced providers, are consistent with established information security policies.
• Manage 3rd party application and vulnerability assessments performed to evaluate effectiveness of existing controls.
• Ensure that noncompliance issues and other variances are resolved in a timely manner.

Incident Response Management

• Participate in preparing a disaster recovery plan to ensure business continuity and timely recovery from disruptive and destructive events.
• Ensure periodic testing of the response and recovery plans where appropriate.
• Ensure post-event reviews to identify causes and corrective actions are taking place.
• Monitor effectiveness of processes for detecting, identifying and analyzing security related events.
• Establish and maintain relationships with law enforcement agencies, vendor and customer security contacts.

Information System Engineering Tasks

• Establish and maintain relationship between Security department and System, Network, Application Development, Product and external audit departments in order to coordinate and to assist in implementation and enforcement of security standards.
• Integrate information security program requirements into product requirements and software development life cycle activities. Act as a product owner for security aspects of the trading system
• Cooperate in the development and implementation of security technology and tools.
• Participate in reviews and analysis of internal projects that may have impact on information security.

Required Skills:

• Solid understanding of information security technologies, processes, methodologies, risk management models, and policy / procedures development experience.

• Solid understanding of Security – Information and Technical – Architectural, Engineering, and Management disciplines.

• Must have a solid understanding of information technology and information security (including firewalls, IDS, VPNs, application security, penetration testing, etc)

• Familiarity with multiple platforms operating systems (e.g. UNIX, Windows,).

• Must be a persuasive leader who is able to communicate security-related concepts to a broad range of technical and non-technical staff.

• Excellent communication skills, analytical ability and project management skills.

• Strong analytical skills with the ability to make logical and reasoned decisions.

• Superior organizational skills with the ability to manage large document productions and handle ambiguous problems, establish priorities and effectively work across multiple areas.

• Strong interpersonal communication skills.

• Ability to work effectively on teams and as an independent contributor with limited direction and oversight.

• Technical knowledge of electronic trading platforms a plus.

Education/Experience:

• 15+ years’ experience in Information Technology, Information Security Management, Systems Auditing, and Security Engineering, preferably in Financial Services. Including the design of InfoSec related systems in a distributed environment.

• College degree required in technical discipline and/or business oriented discipline.

• Admin

  New
  • Log in

• Recent Jobs

  • Full Stack Engineer
  • Senior Full Stack Developer
  • Software Developer Engineer
  • iOS/Android Developer
  • DevOps for Connected Heating Systems
  • IT Architect
  • Agile Scrum Coach
  • HTML5 Front End Developer
  • .Net Developer (Switzerland)
  • Software Testers

• Categories

  • Financial
  • General
  • Healthcare
  • Technology

• Archives

  • February 2016
  • January 2016
  • December 2015
  • November 2015
  • October 2015
  • September 2015
  • August 2015
  • July 2015
  • June 2015
  • May 2015
  • April 2015
  • March 2015

• Tags

  Accounting & Finance careers in the Australia Accounting & Finance careers in the Hong Kong SAR Accounting & Finance careers in the Singapore Accounting & Finance careers in the UK Accounting & Finance careers in the USA Accounting) Alabama Us Alberta Canada Arizona Us Asset Management Asset Management careers in the Hong Kong SAR Asset Management careers in the UK Asset Management careers in the USA Associate AVP Baden Württemberg Germany Bayern Germany Business Analyst California Us Call Centres Capital Markets Capital Markets careers in the UK Colorado Us Commodities Commodities careers in the UK Compliance Connecticut Us Consultancy Corporate Banking Credit Debt Derivatives Director District Of Columbia Us Driver Equities Equities careers in the UK Fixed Income) Fixed Income careers in the UK Florida Us Foreign Exchange F recruitment Georgia Us Home Counties Uk Ile Of France France Illinois Us Indiana Us Information Technology careers in the Hong Kong SAR Information Technology careers in the Singapore Information Technology careers in the UK Information Technology careers in the USA Investment Banking Iowa Us Kansas Us Kentucky Us Legal London recruitment London Uk Louisiana Us M & A careers in the UK Manager Maryland Us Massachusetts Us Michigan Us Midlands Uk Minnesota Us Missouri Us Money Markets New Jersey Us New South Wales Australia New York Us Noord Holland Netherlands Nordrhein-Westfalen Germany North Carolina Us North West Uk Ohio Us Oklahoma Us Ontario Canada Operations careers in the UK Oregon Us Pennsylvania Us Private Banking Project Manager Queensland Australia Risk Management careers in the UK South Australia Australia South Carolina Us Southern Uk South West Uk Tennessee Us Texas Us UK Victoria Australia Virginia Us VP Washington Us Western Australia Australia Wisconsin Us Yorkshire Uk Zuid Holland Netherlands

• Links

  • Name.ly
  • Who-El.se?

• RSS

  • Entries (RSS)
  • Comments (RSS)