SWIFT is world’s leading provider of secure financial messaging services. Our messaging platform, products and services connect more than 11,000 institutions. We enable our global community of users to communicate securely, exchanging standardized financial messages in a reliable way, thereby facilitating global and local financial flows, and supporting trade and commerce all around the world.
The Head of security risk officer management is part of the Chief Security Offcier team. Your role is to:
* align and develop best practices related to security risk management (aligned on NIST, ISO, ...)
* in close cooperation with CRO and Service security teams. She or he manages a small team of security risk experts
MORE UPDATES NEEDED
(ISRO) delivers a critical function because he or she ensures security risks are timely and adequately identified for startegical and business critical scope. You also coordinate the work of more junior team mates. What is more, you facilitate discussions that result in a prioritization of appropriate security controls. You work directly with internal departments to drive information security risk analysis and risk management processes. While risk ownership is with business, service or system owners, and thanks to your security expertise and understanding of controls, you are responsible for ensuring threats and associated risks are appropriately identified and consistently rated (rationale, repeatable, realistic).
Your activities range from continuously enhancing our internal processes (best practices, industry alignment, …) to running these processes in appropriate decision making flows (e.g. cloud sourcing, new product definition, system design changes). Beyond this operational role, you spot trends and recurring weaknesses by combining assessments over time, and can think strategically about pragmatical solutions to solve the root cause of a problem.
Your work is essential in the harmonization of SWIFT’s global risk framework, and it is your responsibility to educate people in that framework, and to flag digressions you spot. Eventually you own the end to end chain of security risk management: from proactively identifying risks, to monitoring mitigation, as well as by closely aligning with the compliance & control team to ensure the bigger questions are met from a policy and control effectiveness perspective. All of this in a dynamically changing environment as SWIFT is going through a number of business transformations such as API offering, real time services, Agile transformation and Cloud adoption.
SWIFT performs security risk assessments in a variety of circumstances: proactively based on new business initiatives, upon the identification of a new threat, in the context of an ISO 27001 ISMS, in projects, in changes made to the current environment, whenever policy deviations occur, on third parties, et cetera. Our ISROs have an adaptive mindset and are creative thinkers, while understanding the importance of compliance as well as the bigger picture of enterprise risk management.