Information Security Risk Assurance Officer

Date: 08-Oct-2021

Location: Luxembourg, LU

Company: Deutsche Börse Group

Clearstream Banking S.A.

As an international central securities depository (ICSD) headquartered in Luxembourg, Clearstream Banking S.A. operates the post-trading business – i.e. issuance, settlement and custody – for the Eurobond market and services for securities from over 55 domestic markets worldwide.

 

Field of activity:

Clearstream is an international financial institution offering post-trade infrastructure and securities services for markets worldwide with more than €14 trillion in assets under custody and 2,500 customers in 110 countries. 

The Clearstream Information Security (IS) second line of defense organization is responsible for information security governance, cyber resilience strategy, risk management and oversight, and assurance and compliance activities worldwide for legal entities, branches, and representative offices in scope, with direct reporting lines to the corresponding executive boards.

The Information Security Risk Assurance Analyst will support the Chief Information Security Officer of Clearstream Banking S.A. in the implementation, maintenance and monitoring of a strategic and comprehensive Enterprise IS Risk Management Program within the Second Line of Defense that governs and enables IS risk management activities, oversees the risk profile, and controls the effectiveness of remedial measures in accordance with internal policies, regulatory expectations and evolving business strategy.

Ensure that relevant cyber threats, significant security vulnerabilities, and security risks are identified, analyzed, tracked, reported, and remediated by the First Line of Defense, and that remediation is effective in reducing risk levels.

Tasks/responsibilities:

  • Support the implementation and maintenance of the information security governance and risk assurance programs, including the analysis of the threat landscape, assessment of significant vulnerabilities, and reporting on the risk profile.
  • Complement existing risk and vulnerability assessments of planned and installed information systems to identify additional protection needs.
  • Analyze information security risk assurance-related outcome(s) and provide engineering and technical recommendations to mitigate weaknesses.
  • Actively and professionally engage with IT operations and IT/Business products to enable adequate risk decisions (with the support of a senior analyst).
  • Review the root causes of security breaches and incidents, and research and recommend changes to the information security framework to strengthen policy requirements.
  • Develop an understanding of the post-trade business and progressively reframe technical risk discussions in business terms.
  • Contribute to security awareness and remedial efforts, combining pragmatic approaches with sound judgment.
  • Ensure employees and third parties understand, acknowledge, and fulfill all applicable information security policy requirements.

Qualifications/required skills:

  • Master’s degree in computer science, network security, or business informatics. 
  • 3 to 6 years of experience in information security risk management, IT security, physical security, and/or IT audit in the financial sector.
  • Penetration testing background (nice to have).
  • Strong ability to convey complex IT security issues, security risks, and compliance requirements in a manner that is easily understood and actionable. 
  • Proven capabilities in vulnerability identification and risk analysis within a complex IT environment.
  • Ability to constructively challenge dominant thoughts, processes, and implemented measures. 
  • Experience in providing value-added, actionable, and pragmatic recommendations.
  • Experience with information security regulatory compliance and information security risk management frameworks (e.g., ISO/IEC 27001/27002, COBIT, NIST).
  • Good understanding of Clearstream's mission, values, and strategy (nice to have).
  • Ability to develop a deep understanding of the business / IT operations and IS risk profile of the organization.
  • Ability to collaborate across multiple teams in a multicultural environment.
  • Ability to work on multiple deliverables with strict deadlines.
  • Excellent written and verbal communication skills.
  • Proficiency in written and spoken English, preferably with at least basic knowledge of German and/or French.