Third Party IT Security & Risk Analyst - IT Security Manager Reference number: 2468

Job description

The IT Security Manager will be responsible for executing risk-based IT security controls for third-party assurance lifecycle, contract management, exit management, and ecosystem third-party security monitoring & alerting. The core skills required for this role include knowledge of customer, third-party, and connectivity ecosystems, security risk management, and control frameworks such as ISO 27000, NIST, CIS-18, and COBIT-5. The IT Security Manager should also possess soft skills such as leadership, interpersonal, collaborative, and change management abilities. IT Security certification is an advantage.

What you'll do

• The role will be responsible for execution of risk-based IT Security controls for Third Parties.
  
  Key responsibilities:
  
  Customer and Third-Party Assurance Lifecycle
  
  • Due Diligence - risk profiling, onboarding, re-certification
  • Contract Management - ensuring that the security expectations included in the contract are proportionate to the risk profiling
  • Exit Management - performance of necessary security checks at the end of a contractual agreement with a Third Party
  
• Ecosystem Third Party Security Monitoring & Alerting
  • Continuous, automated monitoring of Third Party related Cyber Threats with the potential to impact Euroclear. Monitoring is executed with the help Cyber Threat intelligence tools. The capability enables Euroclear to quickly act, limiting the risk of contagion or severity of impacts.
  • Continuous monitoring, alerting and incident management of external connections based on several distinct use-cases
  

Required skills

• Core Skills
  • Knowledge of the customer, third-party and connectivity ecosystems
  • Knowledge of security risk management
  • Knowledge of control frameworks, e.g., ISO 27000, NIST, CIS-18, COBIT-5
  • Knowledge of logging, monitoring and alerting is an advantage
  • Knowledge of similar ecosystem frameworks, e.g., SWIFT CSP is an advantage
  • Knowledge of financial markets, FMIs and CSD operations is an advantage
  
• • Knowledge of financial markets, FMIs and CSD operations is an advantage
  • Experience with supplier and supply chain due diligence framework, procedures, data gathering risk and control assessment.
  • Experience with contract review of information security schedules and terms
  • Knowledge of logging, monitoring and alerting is an advantage
  • Experience with ServiceNow GRC is an advantage
  • IT Security Certification such as CISSP, CSSLP, CCSP, CISM, CISMP, GCIH, CEH, etc. is an advantage
• Soft Skills
  • Leadership. Be an inspiring and engaging leader by providing strategy and direction to team members, by showing business acumen, by possessing self-reflection and by being results-driven
  • Interpersonal. Be self-motivated and proactive, have strong, innovative and creative problem-solving skills, be open and welcoming to change, work comfortably in a constantly evolving environment and have an ability to remain calm under pressure and in the face of uncertainty.
  • Collaborati