• Head of Security Risk Management

    Job Locations: US-Manassas
    Job ID: 2019-5992
    Category: Customer support (technical)
  • Company & department description

    About SWIFT

    SWIFT is the world’s leading provider of secure financial messaging services. Our messaging platform, products and services connect more than 11,000 institutions. We enable our global community of users to communicate securely, exchanging standardized financial messages in a reliable way, thereby facilitating global and local financial flows, and supporting trade and commerce all around the world.

    2,800+ employees

    70+ nationalities

    200+ countries

    25 global offices

     

     

    Responsibilities

    The Head of security risk officer management is part of the Chief Security Officer team. Your role is to:

    * align and develop best practices related to security risk management (aligned with NIST, ISO, ...)

    * in close cooperation with CRO and Service security teams. She or he manages a small team of security risk experts

     

    MORE UPDATES NEEDED

     

    (ISRO) delivers a critical function because he or she ensures security risks are identified in a timely and adequate manner for strategic and business-critical scope. You also coordinate the work of more junior teammates. What is more, you facilitate discussions that result in a prioritization of appropriate security controls. You work directly with internal departments to drive information security risk analysis and risk management processes. While risk ownership is with business, service or system owners, and thanks to your security expertise and understanding of controls, you are responsible for ensuring threats and associated risks are appropriately identified and consistently rated (rational, repeatable, realistic).

    Your activities range from continuously enhancing our internal processes (best practices, industry alignment, …) to running these processes in appropriate decision-making flows (e.g. cloud sourcing, new product definition, system design changes). Beyond this operational role, you spot trends and recurring weaknesses by combining assessments over time, and can think strategically about pragmatic solutions to solve the root cause of a problem.

    Your work is essential in the harmonization of SWIFT’s global risk framework, and it is your responsibility to educate people in that framework, and to flag digressions you spot. Eventually you own the end-to-end chain of security risk management: from proactively identifying risks, to monitoring mitigation, as well as by closely aligning with the compliance & control team to ensure the bigger questions are met from a policy and control effectiveness perspective. All of this in a dynamically changing environment as SWIFT is going through a number of business transformations such as API offering, real-time services, Agile transformation and Cloud adoption.

    SWIFT performs security risk assessments in a variety of circumstances: proactively based on new business initiatives, upon the identification of a new threat, in the context of an ISO 27001 ISMS, in projects, in changes made to the current environment, whenever policy deviations occur, on third parties, et cetera. Our ISROs have an adaptive mindset and are creative thinkers, while understanding the importance of compliance as well as the bigger picture of enterprise risk management.

    Qualifications

    Key Characteristics

    • Broad expertise of risk management in critical infrastructure exposed to IT technology challenges, Internet, Cloud, ...
    • Able to develop and articulate vision and at the same time progress iteratively and pragmatically in rolling out required practices and processes
    • Provide strong input to develop Information Security Strategy as well as support development of Corporate strategy
    • Track record of bringing change into the organisation, specifically in support of business taking an active role as first line of defence
