• Information security risk officer

    Job Locations US-Manassas
    Job ID
    2019-5985
    Category
    Customer support (technical)
  • Company & department description

    About SWIFT

    SWIFT is world’s leading provider of secure financial messaging services. Our messaging platform, products and services connect more than 11,000 institutions. We enable our global community of users to communicate securely, exchanging standardized financial messages in a reliable way, thereby facilitating global and local financial flows, and supporting trade and commerce all around the world.

    2,800+
    employees

    70+
    nationalities

    200+
    countries

    25
    global offices

     

    Responsibilities

    The information security risk officer (ISRO) delivers a critical function because he or she ensures security risks are timely and adequately identified. What is more, you facilitate discussions that result in a prioritization of appropriate security controls. You work directly with internal departments to drive information security risk analysis and risk management processes. While risk ownership is with business, service or system owners, and thanks to your security expertise and understanding of controls, you are responsible for ensuring threats and associated risks are appropriately identified and consistently rated (rationale, repeatable, realistic).

    Your activities range from continuously enhancing our internal processes (best practices, industry alignment, …) to running these processes in appropriate decision making flows (e.g. cloud sourcing, new product definition, system design changes). Beyond this operational role, you spot trends and recurring weaknesses by combining assessments over time, and can think strategically about pragmatical solutions to solve the root cause of a problem.  

    Your work is essential in the harmonization of SWIFT’s global risk framework, and it is your responsibility to educate people in that framework, and to flag digressions you spot. Eventually you own the end to end chain of security risk management: from proactively identifying risks, to monitoring mitigation, as well as by closely aligning with the compliance & control team to ensure the bigger questions are met from a policy and control effectiveness perspective. All of this in a dynamically changing environment as SWIFT is going through a number of business transformations such as API offering, real time services, Agile transformation and Cloud adoption.

    SWIFT performs security risk assessments in a variety of circumstances: proactively based on new business initiatives, upon the identification of a new threat, in the context of an ISO 27001 ISMS, in projects, in changes made to the current environment, whenever policy deviations occur, on third parties, et cetera. Our ISROs have an adaptive mindset and are creative thinkers, while understanding the importance of compliance as well as the bigger picture of enterprise risk management.

    Qualifications

    Characteristics of a good ISRO

    • Be curious, rationale, articulate and realistic. Understand that security should be an enabler, not a disabler.
    • Have a risk relevant expertise: infrastructure risk, cloud-related risk, architecture risk… .
    • Know how to translate technical threats and vulnerabilities into a concrete likelihood and impact.
    • Eager to understand SWIFT’s business, our services, and our underlying infrastructure.
    • Is able to see security risk in a bigger risk picture, and is technically versed on risk frameworks.

    Skills required

    • Excellent command of English.
    • Knowledge of NIST, the ISO/IEC 2700x series, FAIR, SABSA or any other frameworks that are risk-relevant.
    • Ability to explain complex problems to business or senior audience
    • Unafraid of collaborative conflict; not every stakeholder will be easily managed and you should be confident in your skills to obtain their buy-in.

    Options

    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed