INFORMATION SECURITY RISK MANAGER RESUME EXAMPLE

Published: Sep 11, 2025 - The Information Security Risk Manager develops and maintains governance documents, frameworks, and security policies while providing advisory services to technology and business teams. This role involves managing risk registers, performing technical security testing and third-party risk assessments, and overseeing tools such as code scanning and GRC solutions to ensure vulnerabilities are identified, tracked, and remediated. The Manager also prepares reports, manages risk acceptances and exceptions, liaises with auditors and regulators, and ensures compliance with internal standards and external requirements.

Tips for Information Security Risk Manager Skills and Responsibilities on a Resume

1. Information Security Risk Manager, SecureTech Global Solutions, Albany, NY

Job Summary: 

  • Execute and participate in various Information Security projects.
  • Liaise and collaborate across sectors to ensure the protection of Customer Confidential Information.
  • Identify risks and perform or facilitate risk assessments for new projects and applications.
  • Propagate decisions and risk controls in the sector and secure commitment to risk mitigation.
  • Provide advice and guidance to the business on information security questions.
  • Drive compliance with security policies and standards and ensure insight into compliance status.
  • Set up and execute information security awareness initiatives.
  • Align with other sectors and security departments regarding specific security and customer demands.
  • Investigate and report on Information Security incidents.
  • Collaborate with Legal and Product Security teams to develop language that addresses customer information security concerns in these documents.


Skills on Resume: 

  • Information Security Projects (Hard Skills)
  • Risk Assessment (Hard Skills)
  • Compliance Management (Hard Skills)
  • Incident Response (Hard Skills)
  • Collaboration Skills (Soft Skills)
  • Advisory Skills (Soft Skills)
  • Communication Skills (Soft Skills)
  • Awareness Training (Soft Skills)

2. Information Security Risk Manager, CyberTrust Systems Inc., Raleigh, NC

Job Summary: 

  • Lead and manage the lifecycle of information security findings, issues, and risks in support of audit, compliance, and risk management.
  • Manage cybersecurity compliance in support of audit projects (such as SOC2, HITRUST, and FedRAMP) from the planning phase to the completion phase.
  • Closely partner with compliance and audit specialists to ensure issue management is aligned with audit framework requirements.
  • Analyze security controls and compliance requirements for various frameworks such as SOC2, HIPAA, HITRUST, PCI DSS, ISO 27001, and FedRAMP.
  • Perform internal gap assessments for new frameworks.
  • Work closely with product, regulatory, privacy, security, engineering, operations, sales, and marketing to initiate and implement issue and risk management discipline.
  • Assist with compliance and security engineering projects.
  • Perform annual risk assessment and drive remediation activity across various teams.
  • Perform continuous monitoring of compliance activities and work with SMEs to drive remediation efforts and process improvements.
  • Develop governance, risk, and compliance measurements and metrics to report to executive management.


Skills on Resume: 

  • Compliance Management (Hard Skills)
  • Risk Management (Hard Skills)
  • Audit Support (Hard Skills)
  • Security Controls Analysis (Hard Skills)
  • Gap Assessment (Hard Skills)
  • Cross-Functional Collaboration (Soft Skills)
  • Process Improvement (Soft Skills)
  • Governance and Metrics (Hard Skills)

3. Information Security Risk Manager, NetShield Technologies LLC, Phoenix, AZ

Job Summary: 

  • Develop, implement, and drive the strategic direction, performance, and sustainability of the information security function.
  • Oversee and deliver a scalable, efficient, collaborative, and customer-centric operating model.
  • Manage the Information Security Strategy, ensuring alignment with technology governance standards and organizational goals.
  • Administer the Threat and Vulnerability Management Framework to safeguard systems and assets.
  • Review and respond to identified security breaches to ensure appropriate protection of information and infrastructure.
  • Lead incident response and recovery efforts for disruptions or failures in information processing systems.
  • Drive continuous improvement, innovation, and proactive risk management within the security function.
  • Monitor industry developments and regulatory changes, applying relevant security metrics and controls to products and services.
  • Capture, track, and communicate customer security requirements and concerns, ensuring they are integrated into the ISA/BAA response process.
  • Maintain accurate records of information security and privacy provisions for reporting, tracking, and compliance.


Skills on Resume: 

  • Security Strategy (Hard Skills)
  • Threat Management (Hard Skills)
  • Incident Response (Hard Skills)
  • Risk Management (Hard Skills)
  • Regulatory Compliance (Hard Skills)
  • Customer Focus (Soft Skills)
  • Process Improvement (Soft Skills)
  • Strategic Leadership (Soft Skills)

4. Information Security Risk Manager, Sentinel Data Partners, Denver, CO

Job Summary: 

  • Conduct security risk assessments and define information security requirements for projects, business processes, cloud applications, infrastructure, and information systems.
  • Assess third-party service providers and vendors to identify security gaps, risks, and mitigation strategies in outsourced environments.
  • Define, collect, and report technology Key Risk Indicators (KRIs), Key Control Indicators (KCIs), and other metrics for management review.
  • Analyze KRIs, KCIs, and compliance metrics to identify trends and drive improvements in IT and business processes.
  • Support regional markets with IT security requirements, regulatory compliance, penetration testing, and vulnerability management.
  • Apply hands-on expertise in security controls to ensure regulatory requirements are met, providing clear technical guidance and remediation strategies.
  • Collaborate with application, platform, and infrastructure teams to mitigate risks effectively.
  • Coordinate penetration tests and oversee timely remediation of identified security gaps.
  • Monitor regulatory changes, emerging threats, and industry trends to strengthen risk management and enhance security posture.
  • Prepare certification reports, respond to customer security inquiries, and manage information security questionnaires and agreements.


Skills on Resume: 

  • Risk Assessment (Hard Skills)
  • Vendor Assessment (Hard Skills)
  • Security Metrics (Hard Skills)
  • Compliance Analysis (Hard Skills)
  • Vulnerability Management (Hard Skills)
  • Technical Guidance (Hard Skills)
  • Cross-Team Collaboration (Soft Skills)
  • Regulatory Monitoring (Hard Skills)

5. Information Security Risk Manager, Protego IT Services, Austin, TX

Job Summary: 

  • Provide subject matter expertise and assessments on information, risk, and security to IT and business teams in support of their risk management activities.
  • Support the Information Risk & Control assessment process and provide expert input on IT risks, security measures, controls, and remediation actions.
  • Contribute to the definition and improvement of information and security risk requirements, and collaborate with IT services and business units to prioritize new features or control development.
  • Oversee information security audits, whether performed internally or by third parties.
  • Promote a culture of information and security risk awareness and good conduct through regular communication, awareness initiatives, and training.
  • Collaborate with business and IT teams to translate business and security requirements into Identity and Access Management (IAM) requirements for all account types and IT assets.
  • Assist IT services in aligning business roles with access and provisioning needs.
  • Support the design and alignment of IAM policies and processes across the organization, and contribute to the documentation of guidelines.
  • Identify and evaluate risks in IAM processes, implement internal controls to mitigate risks, and identify opportunities for continuous improvement.
  • Design controls to ensure adherence to IAM procedures and evaluate their effectiveness.
  • Create rules and processes for automation to integrate application provisioning with required security and approval controls.
  • Support the design and implementation of policies and automation for monitoring and recertification of accounts.


Skills on Resume: 

  • Risk Expertise (Hard Skills)
  • Control Assessment (Hard Skills)
  • Security Auditing (Hard Skills)
  • Risk Awareness (Soft Skills)
  • IAM Requirements (Hard Skills)
  • Access Management (Hard Skills)
  • Policy Design (Hard Skills)
  • Process Improvement (Soft Skills)

6. Information Security Risk Manager, IronGate Digital Solutions, Columbus, OH

Job Summary: 

  • Act as the primary security point of contact for projects and initiatives.
  • Provide authoritative information security risk control consultation.
  • Collaborate regularly with business leaders and product owners to evaluate security needs and impacts of security decisions on business processes, and communicate risks.
  • Assist in the development of efficient and practical information security systems, procedures, and controls as part of project development, business applications, or process improvement.
  • Participate as a technical advisor for a variety of ad-hoc security projects.
  • Design and implement an integrated risk management approach that applies operating controls to manage information security risks.
  • Implement information security policies, standards, and other requirements.
  • Guide staff in developing applications that maintain secure coding practices and interpret the output of code analysis tools.
  • Address information security-related issues and findings, ensuring that remedial actions as well as long-term solutions are implemented to mitigate underlying risks.
  • Maintain knowledge of current information security best practices, procedures, laws, and regulations while also being able to clearly translate them into actionable advice for colleagues in technical and non-technical roles.


Skills on Resume: 

  • Security Consultation (Hard Skills)
  • Risk Management (Hard Skills)
  • Business Collaboration (Soft Skills)
  • Process Improvement (Soft Skills)
  • Technical Advisory (Hard Skills)
  • Policy Implementation (Hard Skills)
  • Secure Development (Hard Skills)
  • Regulatory Knowledge (Hard Skills)

7. Information Security Risk Manager, Quantum Risk Advisory, Salt Lake City, UT

Job Summary: 

  • Lead the cybersecurity risk management cycle, including vulnerability management.
  • Serve as the subject matter expert on risk identification, classification, remediation, and reporting.
  • Proactively monitor emerging threats and assess their risks to the organization.
  • Evaluate and recommend defensive measures to mitigate security risks.
  • Evaluate security risks associated with third parties with which the organization conducts business.
  • Inspect SOC1/2, SSAE18, and other audit reports to identify key risks and work with third/fourth parties to ensure remediation controls are adequate.
  • Manage the cybersecurity awareness training program.
  • Develop up-to-date training content to reflect the latest cyber risks and deliver training to both internal and external customers using various channels.
  • Conduct FFIEC risk assessments on assets, third parties, processes, and technology, and refine the risk assessment framework.
  • Lead security threat assessments, including penetration tests, phishing tests, and incident response tests.
  • Work closely with business leaders to understand the organization’s strategy and align the information security program with business goals.
  • Ensure risks are appropriately prioritized by soliciting feedback from business units, understanding regulatory and compliance requirements, and performing impact analysis.


Skills on Resume: 

  • Risk Management (Hard Skills)
  • Threat Monitoring (Hard Skills)
  • Defensive Measures (Hard Skills)
  • Third-Party Assessment (Hard Skills)
  • Audit Review (Hard Skills)
  • Awareness Training (Soft Skills)
  • Threat Testing (Hard Skills)
  • Business Alignment (Soft Skills)

8. Information Security Risk Manager, Apex Compliance Solutions, Orlando, FL

Job Summary: 

  • Maintain existing and develop new information security governance documents, including policy, framework, standards, and procedures.
  • Provide security advisory services to Technology and line of business team members, including security training, input into security design of systems, completion of security testing during the development lifecycle, and remediation of control vulnerabilities.
  • Prepare and maintain a risk register for weaknesses identified during design-level Security Risk Assessments, and track them for remediation.
  • Perform technical security testing or assist Technology team members with testing, including infrastructure vulnerability assessments and application security testing.
  • Provide security supplier governance support by performing third-party risk assessments annually and during onboarding.
  • Manage and maintain code scanning tools and GRC solutions.
  • Manage security risks for the assigned portfolio to ensure action and mitigation plans are defined and executed on time.
  • Prepare, track, and maintain permanent risk acceptances, risk exceptions, and relevant registers.
  • Provide periodic reports to outline the status of information security risks.
  • Escalate outstanding risks.
  • Liaise with internal and external auditors or consultants and provide the required documents and details.
  • Perform assessments of the security program and assist with assessments by third parties, such as self-assessments and compliance audits.
  • Review internal and external reports to ensure compliance with regulatory requirements related to IT and Information Security.


Skills on Resume: 

  • Security Governance (Hard Skills)
  • Security Advisory (Hard Skills)
  • Risk Register (Hard Skills)
  • Security Testing (Hard Skills)
  • Third-Party Risk (Hard Skills)
  • Tool Management (Hard Skills)
  • Risk Reporting (Hard Skills)
  • Audit Support (Hard Skills)

9. Information Security Risk Manager, BlueRock Cybersecurity, Richmond, VA

Job Summary: 

  • Orchestrate and deliver cybersecurity risk assessments and mitigation plans for ERP and Consumer SC projects, applications, and supporting technologies while maintaining awareness of the changing threat landscape.
  • Continuously update SAP security standards to best-in-class and drive them across the SAP landscape.
  • Maintain connections with SAP industry peers and monitor the SAP landscape to identify and understand emerging security threats, technologies, and capabilities that enable risk mitigation.
  • Advance cybersecurity of Consumer SC systems, applications, and integrations across product lines and regions by identifying key risks and controls.
  • Understand and promote risk management activities associated with external regulations and internal policies such as IAPP, SOX, GxP, and GDPR.
  • Assure leadership on the cybersecurity risk posture of the SAP and Consumer Application Portfolio, including Consumer and Finance S/4 transformations.
  • Perform assessments and design reviews of current and future solutions and environments, rank solutions according to security risk, and provide coaching and guidance on remediation and best practices.
  • Shape strategy for needed security capabilities, influence business funding and adoption, and partner in the selection and deployment of those capabilities.
  • Provide security consulting and assurance through secure architecture design reviews, secure coding, encryption, configuration, crafting security user stories, and offering remediation guidance across applications, databases, infrastructure, networks, and interfaces.
  • Build, maintain, and lead a complex global network of TS, BTL, PLO, and compliance group stakeholders by training them in security, gaining alignment and funding for projects, and influencing the allocation of resources for mitigation.
  • Lead the development of metrics and dashboards to enable effective management of risk.


Skills on Resume: 

  • Risk Assessment (Hard Skills)
  • SAP Security (Hard Skills)
  • Threat Monitoring (Hard Skills)
  • Regulatory Compliance (Hard Skills)
  • Secure Architecture (Hard Skills)
  • Remediation Guidance (Hard Skills)
  • Stakeholder Management (Soft Skills)
  • Metrics Development (Hard Skills)

10. Information Security Risk Manager, Integrity Data & Risk Services, Kansas City, MO

Job Summary: 

  • Oversee and challenge 1st line ICS risk proposals and risk-taking activities.
  • Monitor ICS risks and associated remediation plans across countries using the Governance Risk Type Framework.
  • Assure that the 1st line implements controls to comply with applicable laws and regulations as defined by the Policy team.
  • Challenge risk decisions derived from regional ICS Key Indicator Performance Monitoring.
  • Take part in regional or country ICS Transformation and Remediation Program (TRP) Working Groups as a 2nd line ICS Subject Matter Expert (SME).
  • Promote a healthy ICS risk culture and good conduct across the region.
  • Lead through example and operate with the appropriate culture and values.
  • Work in collaboration with risk and control partners.
  • Work closely with country ISROs aligned and scaled to the ICS risk control needs of the region.
  • Uphold and reinforce the independence of the second line ICS Risk function.
  • Deliver objectives set forth by leadership to support the ICS risk management approach and objectives.
  • Ensure risks are managed in accordance with the Governance Risk Type Framework and associated Policy and Standards, and escalate and address issues.


Skills on Resume: 

  • Risk Oversight (Hard Skills)
  • Control Compliance (Hard Skills)
  • Risk Monitoring (Hard Skills)
  • Policy Assurance (Hard Skills)
  • Risk Culture (Soft Skills)
  • Stakeholder Collaboration (Soft Skills)
  • Subject Matter Expertise (Hard Skills)
  • Regulatory Alignment (Hard Skills)

11. Information Security Risk Manager, SilverLine Information Systems, Milwaukee, WI

Job Summary: 

  • Establish strong ties with relevant country leadership, governance, risk, and control committees to ensure adequate monitoring, tracking, and governance of ICS risk.
  • Drive integration of the ICS Risk Type Framework across the region and utilize it for ongoing governance of country risk.
  • Display exemplary conduct and live by organizational values and the Code of Conduct.
  • Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, by ensuring compliance in letter and spirit with all applicable laws, regulations, guidelines, and the Code of Conduct.
  • Identify, escalate, mitigate, and resolve risk, conduct, and compliance matters effectively and collaboratively.
  • Exercise authorities delegated by the Board of Directors and act in accordance with the Articles of Association.
  • Establish strong relationships with identified stakeholders and understand their strategic goals to ensure ICS alignment.
  • Prepare, present, and challenge in a 2nd line capacity at relevant risk committees, steering groups, and cross-business opportunities.
  • Validate the accuracy of KRIs, KCIs, and other risk ratings, as well as process designs, to meet policy requirements.
  • Ensure that Process Owners escalate risk, control, and process deficiencies appropriately in accordance with relevant risk frameworks.
  • Build trusted working relationships with security functional heads, risk and compliance counterparts, and stakeholders.
  • Utilize appropriate risk management tools to manage, track, and monitor ICS risks.


Skills on Resume: 

  • Risk Governance (Hard Skills)
  • Framework Integration (Hard Skills)
  • Ethical Conduct (Soft Skills)
  • Regulatory Compliance (Hard Skills)
  • Risk Mitigation (Hard Skills)
  • Stakeholder Engagement (Soft Skills)
  • Committee Participation (Soft Skills)
  • Risk Monitoring (Hard Skills)

12. Information Security Risk Manager, Horizon Risk & Compliance Group, Pittsburgh, PA

Job Summary: 

  • Monitor changes in business processes, information systems, management, and operations, and maintain an assessment of risk accordingly.
  • Build and maintain productive relationships with process owners.
  • Act as the Risk Management Coordinator to administer the Risk Register and Risk Management Program.
  • Through effective leadership, ensure audits of control effectiveness, design, and other projects are completed efficiently and within established deadlines.
  • Review departmental work to ensure that assessments of the internal control structure related to audited processes are supported through sufficient and adequately documented evidence.
  • Continually evaluate the efficiency and effectiveness of internal controls and departmental functions, and identify areas for improvement.
  • Assist with internal investigations as directed by the Chief Information Security Officer.
  • Promote good IT compliance practices among staff and associated contractors.
  • Provide direct and specific guidance to internal control process owners regarding their responsibilities and the work being performed.
  • Perform risk assessments of potential new vendors and vendors whose services have changed.
  • Maintain awareness of current compliance requirements, audit professional standards, and legislative changes, and apply them to IT controls and the audit function.


Skills on Resume: 

  • Risk Assessment (Hard Skills)
  • Relationship Management (Soft Skills)
  • Risk Register (Hard Skills)
  • Audit Management (Hard Skills)
  • Control Evaluation (Hard Skills)
  • Investigation Support (Hard Skills)
  • Compliance Guidance (Soft Skills)
  • Vendor Assessment (Hard Skills)

13. Information Security Risk Manager, NorthPeak Cyber Solutions, Boise, ID

Job Summary: 

  • Maintain awareness of current issues and significant changes within the business environment and processes.
  • Periodically determine the need for revisions to control processes.
  • Effectively interact with all levels of management and third-party suppliers.
  • Review specific control risk assessments to ensure efficiency and effectiveness in addressing key risks associated with the respective auditable entity or entities.
  • Review vendor risk questionnaire submissions to identify key risks associated with the respective vendor or service, and work with stakeholders to mitigate and advise.
  • Draft, agree with the Chief Information Security Officer, and regularly update an audit plan that includes a schedule for all audits to be undertaken.
  • Monitor the progress of open, in-progress, and completed audits to ensure that any issues regarding the completion of the audit plan are identified and addressed proactively.
  • Ensure appropriate communication with third-party IT and internal process and service owners regarding the timing and logistics of each audit and review.
  • Anticipate problems and obstacles to the timely and efficient completion of audits and compliance reviews.
  • Recommend solutions to anticipated and incurred problems and obstacles impeding the timely completion of such audits and reviews.
  • Review evidence to ensure that the assessment of the effectiveness and efficiency of internal controls is adequate, sufficiently supported, and documented, and that departmental and professional standards are upheld.


Skills on Resume: 

  • Control Review (Hard Skills)
  • Process Improvement (Soft Skills)
  • Stakeholder Interaction (Soft Skills)
  • Vendor Risk (Hard Skills)
  • Audit Planning (Hard Skills)
  • Audit Tracking (Hard Skills)
  • Problem Solving (Soft Skills)
  • Internal Control Evaluation (Hard Skills)

14. Information Security Risk Manager, Global DataGuard Consulting, Minneapolis, MN

Job Summary: 

  • Perform audit and review work, particularly in highly complex areas and where IT resources may otherwise be insufficient.
  • Ensure issues and exceptions are fully identified and properly defined, and recommendations are adequately formulated to address the root cause of identified issues in a beneficial manner.
  • Ensure issues and recommendations are adequately and effectively communicated to process owners on a proactive basis during the course of each audit or review.
  • Review final process owners’ responses for adequacy and completeness.
  • Ensure appropriate and timely follow-up audit work is performed to properly update the status of outstanding reported issues, and provide adequate communication to management on a proactive basis.
  • Monitor the progress of process owners’ activities to determine if issues receive proper attention, and communicate and escalate concerns to the Chief Information Security Officer.
  • Act as the Risk Management Coordinator to administer the Risk Register and Risk Management Program, and manage associated processes, including reporting to leadership and global risk management stakeholders.
  • Assist the Chief Information Security Officer in the continued development, periodic review, and revision of IT policies and procedures.
  • Use the organization’s various internal communication methods to direct colleagues and the wider organization to current and new policies, as well as essential compliance information.
  • Work collaboratively with technology teams and global security functions to determine changes in policy and process.
  • Assist in the completion of external IT audits, questionnaires, or pitch responses.


Skills on Resume: 

  • Audit Execution (Hard Skills)
  • Issue Resolution (Hard Skills)
  • Risk Communication (Soft Skills)
  • Follow-Up Auditing (Hard Skills)
  • Risk Register (Hard Skills)
  • Policy Development (Hard Skills)
  • Compliance Communication (Soft Skills)
  • External Audit Support (Hard Skills)

15. Information Security Risk Manager, ShieldPoint Security Group, Nashville, TN

Job Summary: 

  • Promote and guide security and risk awareness, management, and governance corporate-wide as it relates to technology-related operational risks.
  • Lead IT security and risk professionals to support organizational risk goals and bring clarity to potential areas of material security and technology risk.
  • Lead the identification, reporting, and response to information security incidents.
  • Oversee audits and compliance reviews representing information technology functions to support security, audit, and risk needs.
  • Develop and refine the program to provide a sound approach to understanding the security and technology risk appetite and posture with supporting metrics, assessment results, and other data inputs.
  • Mature risk-based metrics, scorecards, and dashboards to track performance and monitor trends across the organization.
  • Participate with the Chief Risk Officer, General Auditor, and Privacy Officer to help manage risk across the company.
  • Lead a team of Information Security Engineers and Risk Analysts to promote efficient and automated deployment of information security services while maintaining stability and governance and guiding the team in an agile environment.
  • Develop service-based partnerships with leaders to provide enterprise solutions.


Skills on Resume: 

  • Risk Awareness (Soft Skills)
  • Team Leadership (Soft Skills)
  • Incident Response (Hard Skills)
  • Audit Oversight (Hard Skills)
  • Risk Metrics (Hard Skills)
  • Data Analysis (Hard Skills)
  • Cross-Functional Collaboration (Soft Skills)
  • Enterprise Solutions (Hard Skills)

16. Information Security Risk Manager, Reliant Information Risk Services, Omaha, NE

Job Summary: 

  • Develop and measure goals to establish expectations and evaluate performance.
  • Manage information security services to ensure technical solutions are in place.
  • Ensure technology lifecycle management and capability management align with information security standards based on ISO 27001/2 and NIST CSF.
  • Partner with the Cloud Enablement team to guide the implementation and operation of core cloud information security services supporting related infrastructure and application services.
  • Guide staff career development through certifications in information security, risk, and cloud management disciplines.
  • Work with Enterprise Architecture to form technology strategies for each managed security capability and service.
  • Incorporate business continuity practices into information security capability management to ensure resilient services for partners.
  • Partner with the IT Service Manager to ensure ITIL operational support expectations are achieved, including incident and problem resolution, engineering escalation (level 2/3), and solutions for mentoring and maturing operational capabilities.
  • Build a diverse information security portfolio across product teams, ensuring committed deliveries on time and within budget.


Skills on Resume: 

  • Goal Setting (Soft Skills)
  • Security Services (Hard Skills)
  • Lifecycle Management (Hard Skills)
  • Cloud Security (Hard Skills)
  • Career Development (Soft Skills)
  • Technology Strategy (Hard Skills)
  • Business Continuity (Hard Skills)
  • ITIL Support (Hard Skills)

17. Information Security Risk Manager, NextWave Cyber Risk Advisors, Portland, OR

Job Summary: 

  • Lead, coach, and develop a team of subject matter experts responsible for managing the ISMS and its key components.
  • Oversee the creation and ongoing maintenance of the Information Security Policy Framework aligned with risk appetite, legislation, and industry standards.
  • Conduct enterprise-level Information Security risk assessments and actively participate in the complete Risk Management process.
  • Maintain awareness of current and emerging threats, as well as industry trends, to inform security strategies.
  • Collaborate with Security & Resilience teams and wider stakeholders to embed security policies, standards, and controls.
  • Promote and strengthen an organizational culture of Information Security.
  • Analyze, evaluate, and provide consultation on IT cyber incidents and related risk events.
  • Assess and report on the company’s IT security vulnerabilities.
  • Lead innovation projects while serving as the primary advisor on cybersecurity issues.
  • Build strong working relationships with both internal and external stakeholders to support security initiatives.


Skills on Resume: 

  • Team Leadership (Soft Skills)
  • Policy Framework (Hard Skills)
  • Risk Assessment (Hard Skills)
  • Threat Awareness (Hard Skills)
  • Stakeholder Collaboration (Soft Skills)
  • Security Culture (Soft Skills)
  • Incident Analysis (Hard Skills)
  • Cybersecurity Advisory (Hard Skills)

18. Information Security Risk Manager, Fortress Information Governance, Des Moines, IA

Job Summary: 

  • Collaborate with stakeholders to implement the Group Information Security framework, policies, and guidelines.
  • Conduct gap analyses against the Group framework and local regulatory requirements, then work with the first line to close identified gaps.
  • Support the identification, assessment, and prioritization of information security threats while improving controls with relevant stakeholders.
  • Carry out and review security risk assessments, guiding asset owners on protection needs and coordinating with IT to ensure implementation.
  • Provide regular updates to management and the Group CISO on risks, mitigation measures, incidents, and progress of security initiatives.
  • Partner with the Risk Management function and the Chief Risk Officer on broader risk-related topics.
  • Plan and perform security reviews across the bank’s IT systems lifecycle, covering both in-house and third-party environments.
  • Work closely with business stakeholders to ensure risks are identified, communicated, and understood for informed decision-making.
  • Evaluate information security solutions and processes while offering risk advisory services.
  • Continuously develop and enhance practical, context-based security risk assessment processes to strengthen the organization’s defenses.


Skills on Resume: 

  • Framework Implementation (Hard Skills)
  • Gap Analysis (Hard Skills)
  • Threat Assessment (Hard Skills)
  • Risk Assessment (Hard Skills)
  • Management Reporting (Hard Skills)
  • Risk Partnership (Soft Skills)
  • Security Reviews (Hard Skills)
  • Risk Advisory (Soft Skills)