大手証券会社でのGlobal Head of Information Security Risk & Controlsの求人

Responsibilities：

・Develop security reporting/metrics for multiple audiences including executive management and board reporting. Ensure that the relevant metrics are fed into various committees and the Chief Control Office framework and the 2nd Line of Defense.
・Responsible for the implementation of the BISTRA (Business-centric Security Threat & Risk Assessment) Methodology across the most critical value chains of the firm.
・Select, deploy, and manage the Security GRC Portal management to manage the risk and control framework as well as the BISTRA methodology.
・Track and manage all audit, regulatory examinations, client requests, law enforcement requests, and external certifications.
・Manage the risk treatments of security issues and risks identified such as risk acceptances, risk deferments, etc. on behalf of the program and project teams and other stakeholders. Track and monitor the risk treatments to closure.
・Develop and manage all security documentation for the Global CISO team including a library of threats, risks, controls, mitigating practices, capabilities, functions, tools, and processes.
・Monitor and report on compliance with information security and cybersecurity regulations and standards.
・Collaborate with internal stakeholders to ensure alignment of information security risk and controls governance with business objectives.
・Stay current on security risk and controls trends, threats, and regulatory requirements to proactively address emerging issues.
・Responsible for formalising the response to information security incidents, such as data breaches or cyber compromises internally and to regional regulators in accordance with notification rules
・Develop and manage the third-party security risk management team including security assessments and onsite security audits for third parties.

Requirements：

・Bachelor’s degree in cybersecurity, information technology, or a related field. Master’s degree preferred.
・Certified Information Systems Security Professional (CISSP) or equivalent certification.
・Minimum of 8 years of experience in cybersecurity risk management and/or compliance.
・Strong understanding of cybersecurity regulations and standards, such as ISO 27001, NIST, and GDPR.
・Ability to act pro-actively to ensure and effectively collaborate with regional and global counterparts.
・Excellent interpersonal skills with the ability to build and influence; and self-motivated
・Committed to continuous improvement for team and self.
・Ability to run with a number of tasks concurrently and manage expectations appropriately.
・Experience with data compliance standards and regulations
・Ability to collaborate effectively with cross-functional teams.
・Proven track record of developing and implementing cybersecurity controls programs.