Job Title : Security Risk & Control AdvisorLocation : BelgiumCompany : EuroclearSalary : Open Date : 2023-03-29Close Date : 2023-07-30
Security Risk & Control Advisor
Division: CISO
Euroclear is a global critical financial market infrastructure company.
Strong IT Risk Management and Security are at the core of the company’s services, firmly embedded in their management systems and processes.
The Regulatory Watch, Policies and Controls team is part of the Cyber Information Security Office Division and is in charge of driving the definition and implementation of the policy and control framework addressing the key IT and Security risks and ensuring compliance to all regulations and external requirements applicable to the Technology organization of the group.
The team’s primary location is the Euroclear Brussels headquarters office.
Role
This role is focusing on the security control framework, covering all key security domains including Identity & Access Management, Vulnerability Management, Security Monitoring and Incident Management, Platform, Network and Application Security amongst others.
The Euroclear security control framework is based on the ISO 27001/2 and CIS industry standards and is being implemented in the ServiceNow GRC platform. You will take an active role both in the controls definition and implementation (change) and in managing the control framework as it gradually moves to live operation for continuous monitoring/evidencing and continuous improvement (run).
You will contribute to design, co-create and roll out effective controls addressing key risks and regulatory requirements across all security domains, advising and challenging control owners. By promoting and implementing controls you will help to improve the risk culture and control maturity in IT. You will work closely with security process owners, control owners and performers across IT divisions and locations, as well as liaise with second and third lines of defence (Risk Management and Internal Audit).
You have a strong risk mind-set, are a good relationship builder and want to play a critical role in the IT and Security Risk transformation and change roadmap. Proficient (oral and written) communication as well as influencing are part of your main skills.
Qualifications, professional skills and experience
- University Master’s degree or equivalent experience (education in computer science, engineering or cybersecurity is a plus)
- 2+ years field experience in the security risk and control environment (rather in controls implementation than in auditing or assurance testing), preferably in large/enterprise multi-platform-based IT environments
- Process-minded and good knowledge of the key principles of the standard frameworks such as ISO 27001/2 and CIS is a strong asset
- Certifications in security is a key advantage
- A good understanding and experience with ServiceNow GRC or equivalent solution is a strong asset
- Fluent knowledge of English (verbal, writing, presentation). French and/or Dutch is a plus
Soft skills
- You have a strong risk and control mind-set, you are thorough and strive for high quality in your work
- You have good communication skills, whether on the field, in the team or with management: you are a keen team player and coordinate work amongst people from different areas or divisions. A good relationship builder with diplomacy skills
- You are a highly motivated self-starter and quick learner and you can work proactively in an environment with challenging priorities
- You are analytical and risk oriented. You know how to break down complex situations to address logical links and dependencies. You can distinguish essential information and summarise it accordingly.
- You have the ability to challenge and influence IT and Security experts. You obtain approval of others with good arguments, appropriate influencing methods and personal assertiveness (persuasion), constructively challenging and negotiating at levels up to middle management.