• Senior Information Security Risk Officer

    Job Locations US-Manassas
    Job ID
    2019-5987
    Category
    Customer support (technical)
  • Company & department description

    About SWIFT

    SWIFT is world’s leading provider of secure financial messaging services. Our messaging platform, products and services connect more than 11,000 institutions. We enable our global community of users to communicate securely, exchanging standardized financial messages in a reliable way, thereby facilitating global and local financial flows, and supporting trade and commerce all around the world.

    2,800+
    employees

    70+
    nationalities

    200+
    countries

    25
    global offices

     

     

    Responsibilities

    The senior information security risk officer (ISRO) delivers a critical function because he or she ensures security risks are timely and adequately identified for critical business or initiatives as well as across analysis delviered by more junior staff. What is more, you facilitate discussions that result in a prioritization of appropriate security controls. You work directly with internal departments to drive information security risk analysis and risk management processes. While risk ownership is with business, service or system owners, and thanks to your security expertise and understanding of controls, you are responsible for ensuring threats and associated risks are appropriately identified and consistently rated (rationale, repeatable, realistic).

    Your activities range from continuously enhancing our internal processes (best practices, industry alignment, …) to running these processes in appropriate decision making flows (e.g. cloud sourcing, new product definition, system design changes). Beyond this operational role, you spot trends and recurring weaknesses by combining assessments over time, and can think strategically about pragmatical solutions to solve the root cause of a problem.  

    Your work is essential in the harmonization of SWIFT’s global risk framework, and it is your responsibility to educate people in that framework, and to flag digressions you spot. Eventually you own the end to end chain of security risk management: from proactively identifying risks, to monitoring mitigation, as well as by closely aligning with the compliance & control team to ensure the bigger questions are met from a policy and control effectiveness perspective. All of this in a dynamically changing environment as SWIFT is going through a number of business transformations such as API offering, real time services, Agile transformation and Cloud adoption.

    SWIFT performs security risk assessments in a variety of circumstances: proactively based on new business initiatives, upon the identification of a new threat, in the context of an ISO 27001 ISMS, in projects, in changes made to the current environment, whenever policy deviations occur, on third parties, et cetera. Our ISROs have an adaptive mindset and are creative thinkers, while understanding the importance of compliance as well as the bigger picture of enterprise risk management.

    Qualifications

    Characteristics of a senior ISRO

    • Have a significant risk management expertise: infrastructure risk, cloud-related risk, business process risks …
    • Be a driver, risk champion, able to convince senior audience as well as find most suitable business balance
    • Eager to understand SWIFT’s strategy and supporting businesses.
    • Is able to see security risk in a bigger risk picture, and relate to business impact

    Skills required

    • Solid knowledge of a number of industry standards such as NIST, the ISO/IEC 2700x series, FAIR, SABSA
    • Ability to explain complex problems to business or senior audience
    • Unafraid of collaborative conflict; not every stakeholder will be easily managed and you should be confident in your skills to obtain their buy-in.

    Options

    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed