Mission
In support of the Risk Management team, the Consultant will provide the following services:
- Establish risk guidelines for the information security strategy
- Establish guidelines for the design of the information security controls
- Align the risk appetite for security incidents and vulnerability management with the IT Security function
- Monitor and review the management of security events, incidents, and vulnerabilities upon their conclusion
- Establish an Identity and Access Management (IAM) policy, review the implementation of the controls and conduct periodic reviews of user access
- Participate in the planning of IT security assessments and penetration testing by the IT Security function and review the status of the follow-up actions
- Review the management of IT security incidents
- Review the management of web activities reports
- Review the performance monitoring reports (availability, backup, capacity, network)
- Provide input to the trainings and phishing exercises organised by IT&FM
- Perform periodic reviews of the information security risk assessments conducted for prospective service providers and the risk assessments conducted pursuant to the Outsourcing Policy
- Establish information security rules which are reflected in Information Security Policy
Deliverables
The Consultant will be responsible for providing the following deliverables:
- Conduct a thorough assessment of our current information security protocols and procedures
- Contribute to defining the Information Security Strategy, including cyber risks mitigation
- Develop a comprehensive report detailing areas of vulnerability, potential threats, and recommendations for improvement
- Work with our IT Security department to implement recommended changes to current systems and policies
- Provide ongoing support and monitoring to ensure that information security measures remain effective and up to date
- Review and enhance Information Security training programs
- Support with the procurement and assessment of new IT systems and outsourced providers
- Design and perform regular IT access review and implementation of IT controls
- Provide assurance to the overall User Access Management Process on a periodical basis
Skills
The Consultant will have the following profile:
- Degree level education in field of IT risk management, Computer Sciences, information management or related disciplines
- Minimum 8 years relevant experience in Information security or related activities
- Proven track record of success in information security implementation, information security audit, preferably in a financial services domain
- Experience of Information Security Policy implementation and maintenance
- Knowledge of relevant ISO standards (e.g. ISO/IEC 2700x)
- CISA/CISSP or equivalent certification
- Technically expert in information security with a strong understanding of industry best practices and regulations
- Knowledge of principles and techniques of information security risk analysis and assessment
- Experience of incident management and/or crisis management response procedures
- Experience of investigation and response management
- Experience of developing and implementing monitoring, performance, and reporting metrics
- Exposure to operational risk management and activities will be considered a plus
- Strong written and verbal communication skills
- Fluency in English
Job Type: Full-time
