INFORMATION SECURITY RISK MANAGER COVER LETTER TEMPLATE

Published: Sep 11, 2025 - The Information Security Risk Manager ensures the effective operation of the information security program by leading risk management, compliance, and incident response functions across the organization. This role involves independently assessing risks, developing and implementing security policies, and managing system-wide controls to ensure compliance with regulatory frameworks such as PCI DSS, FINRA, NYDFS, NIST, SOX, and CCPRA. The Manager also partners with business units and external stakeholders to strengthen security practices, oversee audits and assessments, and safeguard sensitive data while supporting organizational objectives.

An Introduction to Professional Skills and Functions for Information Security Risk Manager with a Cover Letter

1. Scope of Work for Information Security Risk Manager Cover Letter

  • Engage Business System Owners, providing security best practice knowledge at the Senior Level for their systems and projects.
  • Define and ensure security measures are implemented across various environments, in line with regulatory demands and security best practices.
  • Define, coordinate, and track associated remediation actions according to a mutually agreed plan.
  • Communicate effectively with a variety of stakeholders, including senior management.
  • Contribute to the development of the policy and control framework, specifically for information risk and information handling.
  • Take ownership of the regional implementation of security good practices.
  • Co-develop security awareness campaigns and training with global outreach to associates and third parties, including business associates, e.g., those tasked with security-relevant assignments.
  • Take the lead on security and technical projects.
  • Participate in the Security Incident Response team.
  • Serve as backup to the Chief Information Security Officer at management and Board meetings.


Skills: Security Management, Risk Assessment, Regulatory Compliance, Stakeholder Communication, Policy Development, Security Training, Incident Response, Project Leadership

2. Performance Expectations for Information Security Risk Manager Cover Letter

  • Analyse the impact of new technologies, information security laws, and regulations.
  • Assess information security controls and risks, and drive risk remediation with risk owners.
  • Maintain the information security risk and issues registers, and run information risk committees.
  • Define risks and vulnerability mitigation strategies, and work with teams to remediate.
  • Drive inventory management and perform security categorization of systems with owners.
  • Further develop and implement the Information Security Framework (ISF).
  • Provide guidance and take accountability for daily business compliance with the ISF, as well as in business and IT projects, and drive continuous improvement based on customer feedback.
  • Design and deliver the Security Education Training Awareness (SETA) program.
  • Participate in the design and execution of internal audits of business compliance with the ISF.
  • Support IT and business stakeholders in internal or external audits.
  • Respond to information security incidents and provide timely reports to relevant stakeholders.


Skills: Regulatory Compliance, Risk Management, Security Governance, Vulnerability Mitigation, Asset Management, Framework Implementation, Security Training, Incident Response

3. Expertise Areas for Information Security Risk Manager Cover Letter

  • Perform intakes on new programs, projects, and changes, determine the information security impact, and provide relevant security requirements.
  • Provide guidance and advice to realize ‘security by design’ depending on the risk and nature of the project, and validate requirements before Go-Live.
  • Define remaining risks, validate them with business stakeholders, recommend mitigations, register them, and follow up on progress.
  • Execute structured assessments of key applications with a focus on high-level decomposition, information usage, and access model, and report to stakeholders.
  • Apply ISO27001/2 and ASML policies and standards as a basis.
  • Execute risk assessments on processes or specific issues and define risks with proposed mitigation actions.
  • Drive compliance with policies and standards and ensure insight into compliance status.
  • Investigate and report on information security incidents.
  • Create security awareness.
  • Participate in and support ASML-wide security portfolio projects, and drive or support Corporate sector-specific projects.
  • Keep up with relevant international legislation, emerging threats, forecasts, policies, and benchmarks.
  • Align with other security risk management teams and related functions like IT Security, the privacy office, or internal control.


Skills: Security by Design, Risk Assessment, Compliance Management, Application Security, Policy Implementation, Incident Management, Security Awareness, Stakeholder Alignment

4. Key Strengths for Information Security Risk Manager Cover Letter

  • Identify and evaluate risks, understand business context, and prepare reports and recommendations.
  • Perform annual security risk assessments and conduct ongoing organizational compliance monitoring activities.
  • Identify cloud-related risks and assess related business impact.
  • Identify risk mitigation approaches, including actions, phases, and manual efforts.
  • Communicate risks in business terms for prioritization.
  • Work with all functional business areas to develop and maintain a corporate-wide BCP program addressing business recovery and emergency response management.
  • Define, establish, and implement organizational information security processes to ensure business, regulatory, legislative, and contractual requirements and obligations are met.
  • Implement internal and external ISMS audit processes and audit plans, monitor the effectiveness of controls, and coordinate corrective actions with stakeholders across the organization.
  • Manage gap analysis, compliance readiness, and compliance monitoring activities for ISO/IEC 27001, SOC 2, and other regulatory security audits.
  • Coordinate external security audits, assessments, and testing, and oversee remediation plan development and implementation.
  • Identify, assess, and monitor information security risks and recommend mitigation measures.
  • Develop content, coordinate, and facilitate a comprehensive organizational information security awareness training program.


Skills: Risk Evaluation, Compliance Monitoring, Cloud Security, Business Continuity, Process Implementation, Audit Management, Gap Analysis, Security Training

5. Primary Focus for Information Security Risk Manager Cover Letter

  • Consult with IT groups, business units, and other risk management areas to ensure program components meet business needs.
  • Identify and assess information security-related risks to understand their impact on the effectiveness and efficiency of the Information Security Program.
  • Build and adjust risk framework elements and integrate them into the enterprise risk management program and framework.
  • Work closely with technology, security, and business leaders to mitigate risk and identify areas where existing information security processes and procedures require change.
  • Establish and maintain program effectiveness measures.
  • Maintain knowledge of changing technologies and provide recommendations for adapting new technologies or policies.
  • Consult on complex issues related to information security, risk management, or technology.
  • Perform monitoring of security tools and oversee remediation of identified items.
  • Brief management on the status of security initiatives and the effectiveness of controls.
  • Update cybersecurity policies and standards and engage in cybersecurity control improvements.


Skills: Risk Consulting, Security Assessment, Framework Development, Risk Mitigation, Program Evaluation, Technology Adaptation, Policy Management, Security Monitoring

6. Success Indicators for Information Security Risk Manager Cover Letter

  • Protect employees and customers by ensuring processes and technology safeguard data in compliance with applicable laws and regulations.
  • Maintain business continuity by minimizing risks and compromises to production facilities, operations, and customer-facing applications.
  • Strengthen governance with resilient management systems to continuously assess and manage risks effectively.
  • Ensure applications, platforms, and technology solutions meet PwC Policy standards for security and compliance.
  • Drive process improvements to streamline communication, clarify information flows, and respond efficiently to information requests.
  • Identify and manage key privacy and data protection risks and compliance issues.
  • Stay current with best practices and technological advancements to enhance IT governance across Assurance applications.
  • Elevate team capability through coaching and mentoring of junior members.
  • Build strong relationships with local and global colleagues, stakeholders, and actively contribute to the vision, strategy, and leadership of Assurance.
  • Serve as a confident communicator and presenter.
  • Undertake additional duties as directed by the Head of Department or CEO.


Skills: Data Protection, Business Continuity, Risk Governance, Compliance Assurance, Process Improvement, Privacy Management, IT Governance, Team Leadership

7. Core Competence for Information Security Risk Manager Cover Letter

  • Contribute to the continual development, maintenance, and enforcement of the league’s information security policies, guidelines, standards, and procedures across all business units and domains of technology.
  • Assist with the deployment of technologies, policies, guidelines, procedures, and documentation to help reduce overall organizational risk.
  • Support various GRC duties, including configuration auditing and monitoring, identity and access management, and compliance monitoring.
  • Provide assessments, monitoring, and reporting of corporate information security risks for various business units.
  • Provide assessments, monitoring, and reporting of vendor information security risks for various business units.
  • Manage the development and deployment of the employee security awareness and training programs.
  • Manage the development and deployment of the vulnerability management program.
  • Guide on information risks for new vendor products and services under consideration.
  • Work with business partners, colleagues, and vendors to institute risk-mitigating controls.
  • Provide and coordinate Infosec input for key compliance, legal, and regulatory initiatives.
  • Advise, interpret, educate, and report on compliance with various security frameworks, policies, procedures, regulations, and legal requirements.
  • Conduct regular entitlement reviews for users, applications, and services in conjunction with application, operations, and management teams.


Skills: Policy Management, Risk Assessment, GRC Operations, Vendor Risk, Security Training, Vulnerability Management, Compliance Advisory, Access Management

8. Essential Functions for Information Security Risk Manager Cover Letter

  • Ensure the smooth functioning of the department and maintain the reputation of the Information Security Team as a viable business partner.
  • Recommend programmatic and technical directions and operate with a high degree of independence in investigating, analyzing, and mitigating security incidents, managing risks, and implementing computer and network security measures.
  • Operate independently in project management activities, including the development of project plans and budgets or resource estimates.
  • Receive feedback from business units and provide input to the Information Security shared service documentation, including service descriptions, costs, service level agreements, and metrics for the information security service catalog.
  • Manage the security incident response team.
  • Lead the development and implementation of the system-wide risk management function of the information security program to ensure information security risks are identified and monitored.
  • Assess, evaluate, and make recommendations regarding the adequacy of security controls for information and technology systems.
  • Lead the system-wide information security compliance program to ensure IT activities, processes, and procedures meet defined requirements, policies, and regulations.
  • Develop and implement effective policies and practices to secure protected and sensitive data and ensure compliance with relevant legislation and legal interpretation.
  • Communicate effectively with financial partners and tax advisors to review, document, and understand potential security issues.
  • Assist in responses for partnership security assessments, provide or assess partner security programs, and manage SOC 2 activities for business unit initiatives.
  • Execute strategy for managing increasing numbers of audits, compliance checks, and external assessments for internal and external auditors, PCI DSS, FINRA, NYDFS, NIST 800-53, NIST 800-171, Sarbanes-Oxley, and CCPRA.


Skills: Security Leadership, Incident Management, Project Management, Service Documentation, Risk Management, Compliance Oversight, Data Protection, Audit Coordination

What Are the Qualifications and Requirements for Information Security Risk Manager in a Cover Letter?

1. Abilities and Qualifications for Information Security Risk Manager Cover Letter

  • Relevant experience in information security risk management.
  • Possess valid industry certifications (CISM, CISA, CISSP, CRISC, CCSP).
  • Understanding, knowledge, and experience in the IT security domain.
  • Experience with the ISO27001 and ISO31000 risk management frameworks and with Identity and Access Management processes.
  • Knowledge of and experience with Big Data and Big Compute security.
  • Affinity with Research and Development processes, way of working, and culture.
  • Knowledge of export regulations.
  • Knowledge of GCP and Azure platforms and deployments (IaaS, PaaS, and SaaS).
  • Solid DevOps (SAFe) and project management understanding.
  • Able to understand and translate IT threats and vulnerabilities into business risk.
  • Good communication and stakeholder management skills at different levels of the organization and with outside vendors and service providers.
  • Pro-active and self-motivated with the proven ability to drive results.
  • A strong team player with solid analytical skills.


Qualifications: BS in Network Security with 9 years of Experience

2. Training and Certifications for Information Security Risk Manager Cover Letter

  • Progressive experience in information security, holding CISSP or CISM, and management experience.
  • Knowledge of data compliance and privacy standards and regulations as they apply to the insurance and banking industries.
  • Experience working with Risk, Security, or Audit frameworks (e.g., COBIT, COSO, ISO 27001/2, NIST 800-53, AICPA, BITS).
  • Experience with Identity Management and Single Sign-On implementations and designs.
  • Experience with security tools, e.g., Nessus, Tenable Security Center, Microsoft Office 365, Umbrella, Endpoint Detection & Response, Red Hat Linux, and database security.
  • Understanding of the role security plays within all aspects of the IT infrastructure.
  • Knowledge and understanding of current disaster recovery planning techniques and technologies, and methods used in performing risk analysis and business impact analysis.
  • Experience with developing IT Security policies, standards, and procedures.
  • Security Operations Center management experience.
  • Strong verbal, written, and presentation skills.
  • Excellent project and technical management skills, and the ability to manage external resources.
  • Demonstrated strong analytical and troubleshooting skills.
  • Self-motivated, self-directed, and detail-oriented while working with data.
  • Ability to effectively prioritize and execute tasks in a fast-paced, results-driven environment.


Qualifications: BS in Information Security with 12 years of Experience

3. Problem-solving Abilities for Information Security Risk Manager Cover Letter

  • Significant work experience related to information security and/or IT operational risk management across on-premise, remote, and cloud environments.
  • Knowledge of and experience with common information and cybersecurity management frameworks, such as ISO 27001, ITIL, COBIT, CIS, and NIST CSF.
  • Knowledge of and experience with relevant legal and regulatory requirements such as GDPR, PIPEDA/CPPA, CCPA, and various other data privacy laws and regulations.
  • Experience with managing GRC programs, applications, and solutions.
  • Experience with auditing, monitoring, and securing Identity and Access Management (IAM) platforms.
  • Knowledge of secure software development lifecycle (SDLC) principles.
  • Excellent communication and presentation skills.
  • Comfortable delivering messages to a wide spectrum of individuals with varying degrees of security and technical understanding.
  • Strong critical thinking, deductive reasoning, prioritization, and problem-solving skills.
  • Demonstrated ability to make decisions under pressure, exercising sound, timely judgment during incidents or high-stakes risk assessments.


Qualifications: BS in Computer Science with 8 years of Experience

4. Skills Overview for Information Security Risk Manager Cover Letter

  • Strong experience as an Information Security risk specialist.
  • Good knowledge of working alongside development teams in an agile software development (SDLC) environment.
  • Knowledge of industry frameworks such as ISO 27001.
  • Experience within internal auditing for Information Security and wider teams.
  • Experience with third-party/vendor risk management, assessing and monitoring the security posture of external partners, suppliers, and cloud service providers.
  • Skill in data analytics for risk insights, using metrics, dashboards, and reporting tools to identify trends, measure control effectiveness, and support risk-based decision-making.
  • Stakeholder engagement and influencing abilities: able to identify and manage key stakeholders and department heads, building rapport and constructive relationships.
  • Can provide thought leadership in information technology and security, emerging risks, and contribute to the ongoing development of Zopa's Cyber Resilience strategy.
  • Comfortable making the transition from IT/Security into a second-line (2LoD) oversight role.
  • Open to learning how DevOps operates and implementing a risk management framework in an agile, fast-paced environment.


Qualifications: BS in Cybersecurity with 6 years of Experience

5. Education, Knowledge and Experience for Information Security Risk Manager Cover Letter

  • Relevant working experience performing information security risk assessment, preferably in both start-up and enterprise environments.
  • Strong experience in performing security assessments in a cloud-based environment, technologies, and services.
  • Hands-on experience working on cloud technology and services.
  • Excellent understanding of industry frameworks such as NIST framework, ISO 27001, PCI DSS, SOC 2, etc.
  • Excellent understanding of regulatory requirements in the different markets in which the organization operates (e.g., MAS, HKMA, FSC, BNM, BSP, BOT).
  • Familiar with Software/Applications Development Life Cycle best practices and IT controls over different operating systems, cloud technologies, etc.
  • Ability to prioritize and divide responsibilities, as well as influence people to take action to assist in the resolution of security gaps.
  • Strong understanding of the security assessment process and procedures.
  • Strong operations, systems, and network administration skills, in order to understand and execute countermeasures and relevant remediation.
  • Knowledge of vulnerability management, red teaming, and penetration testing.
  • Creative, independent, with good problem-solving skills.
  • A Certified in Risk and Information Systems Control (CRISC) or Certified Information Systems Security Professional (CISSP) qualification, or equivalent certifications.
  • Certified Information Security Manager (CISM), AWS Certified Security Specialty (CSS), and/or Certified Cloud Security Professional (CCSP).


Qualifications: BS in Information Technology with 10 years of Experience

6. Abilities and Experience for Information Security Risk Manager Cover Letter

  • Professional experience in information risk frameworks and management, information security/cybersecurity frameworks and management, and IT audit, preferably in a mid/large-sized financial institution.
  • Experience in Identity and Access Management best practices and IT risk and security management in cloud environments.
  • Education in the field of information risk management and auditing (CISA, CISM, CRISC, CIA, CRMA, FRM).
  • Experience with regulatory engagement and examinations, preparing for, responding to, and liaising with regulators and external auditors on security and risk matters.
  • Experience in third-party/vendor risk management, evaluating, monitoring, and mitigating risks posed by suppliers, partners, and outsourcing arrangements.
  • Skill in developing and implementing security awareness programs, improving employee security culture, and reducing human-related risks.
  • Experience with data privacy and protection programs, aligning security controls with laws such as GDPR, CPPA, or CCPA to safeguard sensitive data.
  • Experience with incident response governance, overseeing testing, playbooks, and escalation processes to ensure effective cyber resilience.
  • Understanding and knowledge of digital assets, with some experience working in Agile or DevSecOps models.
  • Proven communication and interpersonal skills, including multi-stakeholder management.
  • Solid analytical thinking skills, breaking down complex risk and security issues into clear, actionable insights.
  • Leadership presence, inspiring confidence and authority when interacting with executives, boards, or regulators.


Qualifications: BS in Management Information Systems with 11 years of Experience

7. Key Qualifications for Information Security Risk Manager Cover Letter

  • Experience in a global cybersecurity management role.
  • Professional certification in Information Security: CISM, CISSP, and CRISC or ISO27005.
  • Proven experience in implementing and operating information security risk management within an environment of a similar size and global representation.
  • Strong knowledge of current digital service delivery concepts and technology, and of their cyber protection capabilities.
  • Good enterprise business knowledge with the ability to articulate risks in business language.
  • Good knowledge of global regulatory compliance demands in the areas of privacy, industry, or governmental segments (GDPR, China Security Law, PCI, critical infrastructure, Patriot Act, etc.).
  • Experience with cyber risk quantification and reporting, translating technical risk into measurable financial and operational impacts for executive decision-making.
  • Experience in crisis management and incident response leadership, coordinating global teams during cyber incidents, and ensuring lessons learned are embedded into processes.
  • Excellent collaborator and communicator, used to working in a complex and matrixed environment.
  • Skill in security program maturity assessments and roadmap development, evaluating current-state controls, and designing multi-year strategies for improvement.
  • Engaged and self-motivated, passionate about driving change.
  • Proficient in Swedish and English.


Qualifications: BS in Data Analytics with 13 years of Experience

8. Accomplishments for Information Security Risk Manager Cover Letter

  • Security experience, with a passion for information risk management and balancing controls with business needs.
  • Deep technical expertise and FedRAMP experience, thriving by applying this expertise to gain support and understanding from developers, product owners, and business leaders.
  • Adept at working with people of all backgrounds within a growing environment, and helping them be successful while improving security.
  • Experience securing cloud systems for federal customers, and enjoyment of mentoring technical personnel.
  • Understanding of FedRAMP information collection and reporting processes.
  • Deep knowledge of technical control mechanisms, authentication and authorization methodologies, DevSecOps, and industry security standards such as FedRAMP, NIST, ISO, and others.
  • Have one or more security certifications, particularly those with a Cloud focus (CISSP, CCSP, AWS Cloud, Google Cloud Platform, etc.), and experience with report development (status, metrics, and measures).
  • Effectively communicate complex technical ideas to peers, executives, and customers.
  • Can balance advanced technical knowledge and strategic business acuity when engaging with senior-level decision makers to convey the business value of security.
  • A leader who holds themselves and others accountable to deliver excellent results with little guidance.
  • Able to show full commitment to customer satisfaction, out-of-the-box thinking, analytical reasoning, and creative problem-solving skills.
  • A keen ability to switch from high-level thinking to realistic and pragmatic execution.


Qualifications: BS in Cloud Computing with 7 years of Experience