Job Summary: 

• Collaborates with other subject matter experts to determine and communicate the business impact of changes to information risk policy and standards
• Reviews internal and external IT projects and applications for risk issues and ensures adherence to security policies, industry best practices, and security controls
• Facilitates reviews, identifies and documents any resulting breaks requiring remediation
• Defines testing processes for information risks associated with applications (both in-house and third-party)
• Conducts targeted and advisory application risk assessments and control testing
• Maintains oversight of the front-line unit remediation efforts as issues are identified
• Performs independent review and challenge of front-line unit RCSA outputs for processes related to application development and maintenance
• Manages and conducts independent cyber risk assessments for applications, including vulnerability scans, penetration tests and other assessment techniques
• Manages stakeholders and works across various parts of the organization

Skills on Resume: 

• Business Impact (Soft Skills)
• Risk Review (Hard Skills)
• Policy Compliance (Hard Skills)
• Control Testing (Hard Skills)
• Risk Assessment (Hard Skills)
• Remediation Oversight (Hard Skills)
• Stakeholder Management (Soft Skills)
• Collaboration (Soft Skills)

Job Summary: 

• Continuously develop an information risk management framework
• Control catalogue for the IT department, evaluating regulatory requirements and formulating controls
• Work with various parties to map risks to controls, conduct risk and control assessments, drive risk mitigation actions, document, track and report
• Maintain a programme of continuous reporting across IT
• Advance and report all information risk and regulatory compliance issues
• Be the primary point of contact with both internal (Risk Management, Audit, Data Privacy, etc.) and external partners (External Audit, Regulators, etc.) for information risk topics
• Maintain a proficient level of knowledge across key technologies in use at AllianzGI (Windows, Mobile, Linux, Virtualisation, Network, Cloud, etc. and at the OS, Middleware and Application levels)
• Provide advice and training to teams to ensure that the controls they implement meet all objectives
• Perform information security risk assessments on third-party assets and vendors for the Intrum group
• Evaluate technologies and services to support information security monitoring capabilities and operational effectiveness of security-related controls
• Monitor risks and report changes, manage third-party risk dashboards and report to management regularly
• Provide clear risk reports with recommendations to enable the Group and its business entities to make informed risk decisions regarding service providers and new technology
• Participate in contract reviews for new and existing suppliers
• Draft security procedures, templates and standards
• Performing according to the company values, security instructions, procedures and general norms of social coexistence

Skills on Resume: 

• Risk Framework (Hard Skills)
• Control Evaluation (Hard Skills)
• Risk Mapping (Hard Skills)
• Regulatory Compliance (Hard Skills)
• Stakeholder Engagement (Soft Skills)
• Technology Knowledge (Hard Skills)
• Vendor Assessment (Hard Skills)
• Risk Reporting (Hard Skills)

Job Summary: 

• Drive continuous improvement on the technology risk framework, policies and risk management processes
• Collaborate across technology departments to analyse process risk, control adequacy and advise mitigation plans
• Manage technology risk committees to ensure proper governance and oversight
• Provide technology risk insight including data-driven risk reports
• Regularly engage with internal and external stakeholders on technology and cyber risk assessment and remediations
• Manage technology responses to audit requests
• Conduct risk management training with a relevant technology risk curriculum
• Keep abreast of technology risks, cybersecurity incidents, industry best practices and regulatory requirements, and their relevance to organisation controls, risks and safeguards
• Manage initiatives to build and enhance the technology risk management culture
• Provide IT and cyber risk management consulting to the business, technical and operations groups

Skills on Resume: 

• Risk Framework (Hard Skills)
• Process Analysis (Hard Skills)
• Governance Oversight (Hard Skills)
• Risk Reporting (Hard Skills)
• Stakeholder Engagement (Soft Skills)
• Audit Management (Hard Skills)
• Risk Training (Soft Skills)
• Cyber Consulting (Hard Skills)

Job Summary: 

• Embed a forward-looking, risk-aware culture across the Skipton Group by providing specialist IT, risk, information security and operational resilience expertise
• Maintain and implement Group policies, standards and practices that are progressive and aligned to industry best practice and the emerging threat landscape
• Provide oversight and challenge of change initiatives and projects with a focus on information security and resilience risks
• Deliver reviews against emerging themes and management-led areas of concern
• Produce IT risk/information security reports and MI for relevant groups, Committees and the Board
• Build effective relationships within the business to identify, support and challenge on key areas of risk and to evaluate controls
• Ensure IT and information security incidents are effectively managed and resolved in line with Group standards
• External benchmarking and research are undertaken and applied to ensure that Group processes are progressive and in line with best practice
• Enhance the formal service provider risk management and oversight program, including the identification of cybersecurity risks to sensitive data accessed by service providers
• Monitor the performance of Varian’s service providers against service-level agreements and assess the functionality of key information security and privacy controls

Skills on Resume: 

• Risk Culture (Soft Skills)
• Policy Management (Hard Skills)
• Change Oversight (Hard Skills)
• Risk Reporting (Hard Skills)
• Relationship Building (Soft Skills)
• Incident Management (Hard Skills)
• Benchmark Research (Hard Skills)
• Vendor Oversight (Hard Skills)

Job Summary: 

• Establish global cyber risk governance 
• Build a global risk management culture and methodologies
• Host the global Cyber Risk Board
• Establish and execute Risk management with business functions
• Build and maintain Cyber Risk Reporting towards stakeholders
• Collaborate with Compliance to anchor the risk corridor in ISMS
• Define, monitor and report Key Risk and relevant Key performance indicators
• Participating in and challenging the risk assessment process in all relevant projects and programs
• Measuring and reporting the implementation of IT policies, minimum standards and security frameworks throughout the organization
• Supporting strategic and ad-hoc risk analyses, risk papers and risk reports with fact-finding, researching and documenting activities
• Supporting assessments and response to regulatory changes, internal and external audit reports and monitoring the issue-solving progress
• Performing regular spot checks to verify the effectiveness of implemented controls
• Reviewing and challenging key control test results

Skills on Resume: 

• Cyber Governance (Hard Skills)
• Risk Culture (Soft Skills)
• Board Leadership (Soft Skills)
• Risk Management (Hard Skills)
• Risk Reporting (Hard Skills)
• Compliance Alignment (Hard Skills)
• Control Testing (Hard Skills)
• Audit Response (Hard Skills)

Job Summary: 

• Identify, understand and manage information (security), data and technology risks associated with the Multifamily Division
• Drive technology and security risk assessments on the technology of the Multifamily Division, which includes the use of third-party services
• Considered as the domain expert for the Multifamily Division around Information Security, Data and Technology risks, such as vulnerability management, technology debt, access management and data risks around privacy/personal information and public/non-public data
• Facilitate annual and quarterly Risk and Control Self-Assessments (RCSAs) on information (security), data and technology risks
• Drive remediation of issues and action plans and help ensure robust action plans are developed and completed
• Partner with appropriate groups to develop and implement effective strategies related to information risk management and data governance
• Advocate and champion the corporate risk framework and policy - driving awareness, adoption and execution in the groups within the department
• Build positive relationships to influence strong risk management outcomes
• Proactively identify emerging risks and engage with technology teams across various business domains, with an excellent understanding of the business context
• Develop a framework and liaise with control owners and senior stakeholders, Heads of IT from the business domains, on risk and control assessments
• Drive closure of technology issues and actions resulting from audits or other reviews
• Work with action owners to gather and evaluate the appropriateness of evidence or escalate appropriately
• Lead the planning and running of external audit coordination activities
• Collaborate with the wider Information Security, Software Engineering and Infrastructure Production teams to improve processes that further operational resilience
• Collate risk MI and report for the monthly Global Technology Risk Committees
• Support the Global Head of Technology Risk and CISO and Head of Enterprise Technology, to coordinate response to regulatory requests, and the delivery of strategic enhancements to the Technology Risk management practice

Skills on Resume: 

• Risk Assessment (Hard Skills)
• Domain Expertise (Hard Skills)
• Data Governance (Hard Skills)
• Policy Advocacy (Soft Skills)
• Relationship Building (Soft Skills)
• Emerging Risks (Hard Skills)
• Audit Coordination (Hard Skills)
• Regulatory Support (Hard Skills)

Job Summary: 

• Provide input to the company risk registers, based on knowledge of current and emerging information security risks and known vulnerabilities within existing controls
• Work with risk owners to determine the best risk mitigation plans, balancing costs against risk and business need
• Lead an annual enterprise-wide information security risk assessment, coordinating input from relevant parties including IT, Digital, Cyber and other departments
• Work closely with members of the IT and Digital teams to ensure an aligned and collaborative approach to areas of crossover between these teams and the R&C team
• Build and maintain positive stakeholder relationships at all levels of the organisation as well as with key external stakeholders (including clients, certification bodies and external consultants)
• Prepare quarterly information security updates for the Head of R&C to include in reports for the Risk Committee and other Senior Leadership Team forums
• Oversee all information security incident response planning, providing training to relevant stakeholders and running simulated exercises at planned intervals to be aligned with current and developing threats
• Oversee the delivery of a company-wide information security training programme, making use of third-party training platforms
• Guide the data protection function (managed jointly between R&C and Legal) in relation to information security requirements
• Maintain a sufficient level of understanding and awareness in relation to GDPR and other applicable data protection regulations to do so
• Be an active member of the Information Security Steering Group
• Contribute to the agenda and other supporting materials for the monthly meeting
• Review the existing vendor management processes, working with key stakeholders in R&C, IT and other Central Departments to find ways to improve and streamline the process in line with industry best practice
• Play a leading role in the implementation and eventual external certification of an ISO 27001-compliant Information Security Management System (ISMS)
• Work with the R&C Internal Audit (IA) function to enable a risk-based approach to information security audit
• Represent the R&C team on all digital project working groups and other technology-related forums
• Provide information security advice and support to digital projects and other workstreams, encouraging a ‘security by design’ approach
• Review information security requirements in client contracts and/or as part of the RFI/RFP process, coordinating the response
• Undertake any other responsibilities, tasks and projects in line with the R&C team and wider business requirements

Skills on Resume: 

• Risk Mitigation (Hard Skills)
• Security Assessment (Hard Skills)
• Stakeholder Relations (Soft Skills)
• Incident Response (Hard Skills)
• Security Training (Soft Skills)
• Data Protection (Hard Skills)
• Vendor Management (Hard Skills)
• ISO Implementation (Hard Skills)

Job Summary: 

• Work with CRO Asia in setting the overall strategic direction of Pictet Asia’s security governance efforts in compliance with local regulatory requirements and Pictet Group’s information security program
• Serve as the Information Security Subject Matter Expert (SME) and support the CRO in overseeing technology, cyber and information security risks for Asia
• Advise legal entity management on information security risk issues and recommend actions in support of the bank’s wider risk management program
• Monitor information security trends, both internal and external and recommend a suitable risk mitigation strategy
• Participate in relevant risk management governance forums including the APAC Risk and Compliance Committee, as well as run the Asia Technology Risk meeting
• Support IT and business stakeholders in the oversight of information security activities that may be outsourced
• Analyse the impact of new technologies, information security laws and regulations, and working with stakeholders
• Monitor and challenge Technology Resilience, Cyber and information security incidents and key risk indicators, support any triage and monitoring of remedial efforts
• Perform periodic testing of local information security key controls in accordance with Pictet’s control testing standards
• Assess the robustness of IT, Cyber and information security risks and controls and drive any required actions by the risk owners
• Develop and deliver information security risk training to internal stakeholders

Skills on Resume: 

• Security Governance (Hard Skills)
• Risk Oversight (Hard Skills)
• Advisory (Soft Skills)
• Trend Analysis (Hard Skills)
• Governance Forums (Soft Skills)
• Regulatory Analysis (Hard Skills)
• Control Testing (Hard Skills)
• Risk Training (Soft Skills)

Job Summary: 

• Working with stakeholders to implement the Group Information Security frameworks for the Company, including all related policies and guidelines
• Conducting gap analysis with the Group framework or local regulatory requirements and work with the first line to close the gaps
• Supporting the identification, assessment, and prioritisation of information security threats and working with relevant stakeholders to improve controls
• Conducting/reviewing security risk assessments and providing guidance to asset owners in terms of protection needs analysis and liaising with IT to ensure that these protections are implemented
• Prepare regular updates to management and the Segment / Group's CISO on information security risks, mitigation actions, progress of security measures implementation, key information security incidents, and risk assessments
• Be part of the Risk Management function and work with the Chief Risk Officer on other risk topics
• Project managed the migration of the Business Continuity planning to a new system
• Liaison within business and support functions to retain ISO22301 certification
• Maintain core ISO 22301 documentation
• Support the Operational Resilience team in its activities including testing and exercising
• Act as the engagement manager for at least two vendors
• Facilitate at least one ISO 27001 surveillance audit and internal audit
• Maintain core ISO 27001 documents, e.g., policies, procedures, ISMS review, SOA, internal audit methodology and scheduling, Corrective Action Workflow etc
• Support the information risk team with approvals, questionnaire responses, etc
• Monthly governance reporting and managing the rollout and tracking of annual eLearning

Skills on Resume: 

• Framework Implementation (Hard Skills)
• Gap Analysis (Hard Skills)
• Threat Assessment (Hard Skills)
• Risk Guidance (Hard Skills)
• Governance Reporting (Hard Skills)
• Business Continuity (Hard Skills)
• Vendor Management (Hard Skills)
• Audit Support (Hard Skills)

Job Summary: 

• Leads a small information security team responsible for maintaining the effectiveness of the enterprise-wide information security strategy including related programs, processes and initiatives
• Assists in the development, implementation and enforcement of corporate-wide security policies, procedures and standards
• Works closely with CTS infrastructure and software engineering applications development to ensure the integrity of security procedures, systems, and policies
• Works with developers to ensure proper completion of all risk assessments within policy and procedures
• Leads team in monitoring the utilization and effectiveness of security resources
• Implements monitoring and metrics approaches
• Provides direction on reports and analyses
• Ensures recommendations are aligned with customer/business needs and capabilities
• Ensures team tasks are completed promptly to ensure alignment with project schedules
• Trains staff in technical tools and skills, as well as specific applications and their business functions, to maximize their contribution to the team
• Manages a small information security team and contributes to the achievement of team objectives

Skills on Resume: 

• Team Leadership (Soft Skills)
• Policy Development (Hard Skills)
• System Integrity (Hard Skills)
• Risk Assessment (Hard Skills)
• Resource Monitoring (Hard Skills)
• Metrics Analysis (Hard Skills)
• Staff Training (Soft Skills)
• Project Alignment (Soft Skills)

Job Summary: 

• Conduct assessments, continuously monitor and report on Vendor Information risks for one or more Business Units
• Coordinate risk mitigation activities with vendors and Bloomberg Business Units
• Interpret, train and enforce compliance with Bloomberg Vendor Risk Management Standard and Procedures
• Cultivate and leverage relationships with CISO, Legal, Compliance, Enterprise Risk Management (ERM) and other control functions to accomplish objectives
• Lead key VIRM activities and demonstrate understanding of the top and material information risks affecting Bloomberg and clients
• Act as subject matter expert on VIRM matters supporting Business Unit(s) 
• Provide advisory support to Business Unit(s) on risk
• Provide and coordinate input to key compliance, legal and regulatory initiatives
• Participate in select risk committees/working groups

Skills on Resume: 

• Vendor Risk (Hard Skills)
• Risk Mitigation (Hard Skills)
• Compliance Training (Soft Skills)
• Stakeholder Relations (Soft Skills)
• Risk Leadership (Soft Skills)
• Advisory Support (Soft Skills)
• Regulatory Knowledge (Hard Skills)
• Committee Participation (Soft Skills)

Job Summary: 

• Engage in driving compliance, specifically in the Business Information Security (BIS) practice of Corporate Security
• Conduct risk assessments for key accounts and support risk remediation
• Plan and execute security assessments, communicate with Business teams to understand the critical security requirements and risk scenarios
• Establish an ISMS in line with the standards such as ISO 27001
• Engage and establish a Security governance program for the accounts
• Define the control framework and identify and evaluate risks
• Understand business context, prepare reports and recommendations
• Contribute to a new business proposal
• Respond to security RFPs, Security Information Questionnaire, MSA redlining, etc.
• Analyze and approve Security exceptions
• Conduct security awareness sessions
• Act as a focal BIS POC for Enterprise Infra for various security requirements
• Engage with different stakeholders such as external auditors, customer visitors, business leaders and corporate teams, such as Privacy, HR, legal, IT, etc. for security-related audits and activities
• Conduct reviews to assess the service delivery control environment and evaluate adherence to client-identified contractual requirements, Cognizant Policies and Standards
• Front-end and anchor customer security audits, Visit and due diligence activities
• Coordinate security incidents and be able to write an incident report

Skills on Resume: 

• Compliance Management (Hard Skills)
• Risk Assessment (Hard Skills)
• ISMS Implementation (Hard Skills)
• Governance Program (Hard Skills)
• Control Framework (Hard Skills)
• Report Writing (Hard Skills)
• Stakeholder Engagement (Soft Skills)
• Incident Coordination (Hard Skills)

Job Summary: 

• Assist in monitoring LendingClub’s IT control environment to identify key risks, related controls, and gaps
• Document and report results to management
• Collaborate with internal stakeholders on addressing systemic security issues
• Monitor, track, and document information security-related projects to ensure a prompt and efficient resolution
• Manage program-level metrics used to drive program direction as well as communicate with leadership
• Update and maintain the custom NIST FS profile
• Provide support and evidence collection for internal and external audits and risk assessments
• Consult with management to assist with developing corrective action plans for identified audit, risk, Information Security, and IT findings
• Research, design, and participate in or lead the implementation of security initiatives
• Stay current on the latest information technology and security trends
• Recommend corrective actions as identified and needed through Information Security initiatives
• Assist in developing Lending Club-wide best practices for IT and Information security
• Identify, implement, and maintain the policies and procedures required to cost-effectively and uniformly protect Lending Club’s information system assets
• Perform monitoring of security tools and oversee remediation of items identified

Skills on Resume: 

• Control Monitoring (Hard Skills)
• Risk Reporting (Hard Skills)
• Issue Resolution (Soft Skills)
• Metrics Management (Hard Skills)
• Audit Support (Hard Skills)
• Corrective Actions (Hard Skills)
• Security Initiatives (Hard Skills)
• Policy Development (Hard Skills)

Job Summary: 

• Creating, updating and disseminating data protection policies
• Resolving ad-hoc queries and issues relating to data protection
• Identifying data protection and information security issues that need addressing
• Managing a data protection and information security training program
• Managing data protection subject access requests
• Implementing controls for adherence with data protection legislation and relevant codes of practice
• Ensuring the company follows all codes of practice in the relevant sector
• Developing audit standards for personal data handling and information security activities to ensure adherence to internal and external policies
• Liaising with relevant teams to test the company’s capability to respond to a breakdown or other serious contingencies in its operations that affect information security, personal data handling and data protection (both for automated and manual information)
• Maintaining an information asset register
• Establishing and monitoring information exchange agreements
• Regularly reviewing the risk with service owners and data owners
• Maintain and execute the incident response procedure, ensuring prompt redress of information security incidents
• Ensure that the Data Protection aspects are properly covered in the governance documents of all systems processing personal data
• Working with business and support units within the organization to implement the IRM (information risk management) and business continuity strategies and frameworks set by the organization / Management Information Security Forum ( MISF) for Firstsource
• Interface with potential and existing customers as a senior management information security and business continuity representative
• Providing assurance and information as required by the business, marketing or other teams

Skills on Resume: 

• Data Protection (Hard Skills)
• Issue Resolution (Soft Skills)
• Security Training (Soft Skills)
• Access Requests (Hard Skills)
• Audit Standards (Hard Skills)
• Incident Response (Hard Skills)
• Continuity Planning (Hard Skills)
• Customer Assurance (Soft Skills)

Job Summary: 

• Serves as an internal information security consultant to the organization
• Advises the organization on current information about information security technologies and related regulatory issues
• Documents security policies and procedures created by the Information Security Committee
• Implements information security policies and procedures for the organization
• Reviews all system-related security plans throughout the organization's network, acting as a liaison to Information Systems
• Monitors compliance with information security policies and procedures, referring problems to the appropriate department manager
• Coordinates the activities of the Information Security Committee
• Monitors the internal control systems to ensure that appropriate access levels are maintained
• Protects the system by defining access privileges, control structures, and resources
• Recognizes problems by identifying abnormalities, reporting violations
• Implements security improvements by assessing the current situation, evaluating trends, and anticipating requirements
• Determines security violations and inefficiencies by conducting periodic audits
• Upgrades the system by implementing and maintaining security controls
• Keeps users informed by preparing performance reports, communicating system status

Skills on Resume: 

• Security Consulting (Soft Skills)
• Policy Implementation (Hard Skills)
• System Review (Hard Skills)
• Compliance Monitoring (Hard Skills)
• Access Control (Hard Skills)
• Security Audits (Hard Skills)
• System Upgrades (Hard Skills)
• Report Preparation (Hard Skills)

Job Summary: 

• Manages the information security functions in accordance with established IT policies and guidelines
• Manages and coordinates actions with relevant IT personnel to address breaches in security
• Manages overall Information Security matters about data retention, loss prevention, access to information, threats and vulnerabilities
• Participates in external Information Security forums to incorporate current best practices
• Conducts security training and awareness, security orientation and security awareness programs with end business users
• Maintains security management design in line with IS Strategy and business unit needs
• Implements security-related change requests
• Provides impact analysis of these requests and maintains relevant records
• Develops and motivates a team with enough skills to enable overall logical and physical IS security requirements to be achieved across the current and planned IT architecture
• Conducts the information security risk assessment program
• Reviews compliance with the information security policy and associated procedures
• Manages and enhances the Group’s security, risk and governance strategy in a manner that supports the business priorities
• Contributes to the development of the Group’s IT plan through driving the implementation of the overall Information Security, Risk and Governance strategy
• Identifies and monitors relevant department KPI’s
• Sets targets, monitors performance against plan and initiates remedial actions in case of discrepancy between actual and expected performance
• Liaises with the Senior IT Director and other internal stakeholders to develop and implement the company’s overall IT strategy and plan
• Analyses and reports various risk management data, including key risk indicators, identifies trends, provides process oversight, executes supporting tasks, and assures the quality and integrity of risk assessments
• Maintains a budget and forecast for the IS team and the security monitoring environment and reports on performance against SLAs and budget
• Maintains awareness of data protection legislation and ensures that security measures adequately protect staff, client and supplier information
• Monitors and oversees all infrastructure, data and network security
• Maintains ‘real-time’ reporting to the Service Desk and to the Service Managers

Skills on Resume: 

• Security Management (Hard Skills)
• Breach Response (Hard Skills)
• Data Protection (Hard Skills)
• Security Training (Soft Skills)
• Risk Assessment (Hard Skills)
• Governance Strategy (Hard Skills)
• Performance Monitoring (Hard Skills)
• Budget Management (Hard Skills)