Senior Information Security Risk Assurance Officer

Date: 08-Oct-2021

Location: Luxembourg, LU

Company: Deutsche Börse Group

Clearstream Banking S.A.

As an international central securities depository (ICSD) headquartered in Luxembourg, Clearstream Banking S.A. operates the post-trading business – i.e. issuance, settlement and custody – for the Eurobond market and services for securities from over 55 domestic markets worldwide.
Field of activity:

Clearstream is an international financial institution offering post-trade infrastructure and securities services for markets worldwide with more than €14 trillion in assets under custody and 2,500 customers in 110 countries. 

Clearstream Information Security (IS) second line of defense organization is responsible for information security governance, cyber resilience strategy, risk management and oversight, and assurance and compliance activities worldwide for legal entities, branches, and representative offices in scope with direct reporting lines to the corresponding executive boards.
The Senior Information Security Risk Assurance Analyst will support the Chief Information Security Officer of Clearstream Banking S.A. in the implementation, maintenance and monitoring of a strategic and comprehensive Enterprise IS Risk Management Program within the Second Line of Defense that governs and enables IS Risk management activities, oversees risk profile and controls the effectiveness of remedial measures in accordance with internal policies, regulatory expectations and evolving business strategy.

Ensure that IS risk controls are maintained, remediation programs are tracked and effective in reducing IS Risks and as needed, support cyber resilience and business initiatives, and interactions with regulators. 
Tasks/responsibilities:

  • Liaise with various stakeholders in IT and other functions to ensure effective implementation of the cyber resilience strategy and compliance with applicable regulations.
  • Support the implementation and maintenance of the information security governance and risk assurance programs, including the analysis of the threat landscape, assessment of significant vulnerabilities, and reporting on risk profile. 
  • Complement existing risk and vulnerability assessments of planned and installed information systems to identify additional protection needs.
  • Conduct New Initiatives reviews and risk assessments. 
  • Analyze information security risk assurance-related outcome(s) and provide engineering and technical recommendations to mitigate weaknesses.
  • Actively and professionally engage with IT operations and IT/Business products to enable adequate risk decisions (with the support of a senior analyst).
  • Oversee remediation activities and resolution of issues in (and out of) scope of the Information Security Program.
  • Review the root-causes of security breaches and incidents, research and recommend changes to information security framework to strengthen policy requirements.
  • Develop an understanding of Post-trade business and reframe technical risk discussions in business terms.
  • Contribute to security awareness and remedial efforts, combining pragmatic approaches with sound judgment.
  • Ensure employees and third parties understand, acknowledge, and fulfill all applicable information security policy requirements.
Qualifications/required skills:

  • Master’s degree in computer science, network security, or business informatics. 
  • Candidates should have 7+ years of broad experience in security risk management and security technologies (governance and operations).
  • Strong ability to convey complex IT security issues, security risks, and compliance requirements in a manner that is easily understood and actionable. 
  • Demonstrated capabilities in vulnerability identification and risk analysis within a complex IT environment.
  • Ability to constructively challenge dominant thoughts, processes, and implemented measures. 
  • Experience in providing value-added, actionable, and pragmatic recommendations.
  • Experience with information security regulatory compliance and information security risk management frameworks (e.g., ISO/IEC 27001/27002, COBIT, NIST).
  • Good understanding of Clearstream's mission, values, and strategy (nice to have).
  • Ability to develop a deep understanding of the business / IT operations and IS risk profile of the organization.
  • Ability to collaborate across multiple teams in a multicultural environment.
  • Ability to work on multiple deliverables with strict deadlines.
  • Excellent written and verbal communication skills.
  • Proficiency in written and spoken English; preferably at least basic knowledge of German and/or French.