Operating within the Information Security Governance, Risk and Compliance (GRC) division, the successful candidate will be engaged in all areas of the business at Euronext. The boundaries of the role also extend beyond Euronext's perimeters wherever third parties exist and need to be engaged or responded to. The function is heavily involved in the day-to-day running of the Information Security practice and the wider programme across the organisation. The successful candidate will handle IT audits and risk assessments, third-party reviews, compliance checking, and matters of both regulatory and legislative impact including, but not limited to, data privacy, cyber legislation, and corporate security best practices.
- Assisting with risk assessments and the risk management process by executing appropriate measures to manage and mitigate risks, thus reducing the potential impact on information resources / assets.
- Assisting with audit and review type activities whether orchestrated or initiated internally or externally by a third party.
- Assisting with compliance matters or conflicts of interest relating to communicated security Policy, Standards, Procedures, and Guidelines.
- The handling of exceptions to policy, standards, procedures, etc.
- Assisting with the In-Take phase of all new projects and initiatives.
- Assisting in the drafting and preparation of departmental security document sets.
- Keeping track of policy and standards exceptions and the risks aligned to them.
- Keeping abreast of new risks and trends in the threat landscape that may need to be addressed within information security policies, procedures and standards.
- Assisting with the coordination and supporting the delivery of ongoing security awareness and training through various tools and workshops.
Required Skills & Experience
- 10+ years’ experience in an InfoSec GRC role.
- Experience within the financial sector will be a considerable benefit.
- Past/proven experience managing a team of staff
- Ability to work with matters of a departmental nature relating to financials and budgets, etc.
- Established background in Information Security Risk
- Established background in IT / Information Security Audit
- Strong background and knowledge of working with and implementing international security standards and frameworks, such as ISO27001, ISO27002, ISO27005, NIST, etc.
- Strong stakeholder management skills
- The ability to interface across the organization with other teams and managers of all levels.
- Analytical, judgment, and decision-making skills.
- Project management skills
- Ability to deliver security education and awareness training sessions and material
- Excellent written and verbal communication skills.
- Excellent organisational skills.
- Must be able to work well under pressure and prioritise workload appropriately
- Must be able to work well alone or as part of a team
- Ability to adjust to changing priorities while multitasking effectively.
- Ability to articulate complex security and privacy concepts to business users.
- Ability to communicate with clients in a professional manner.
- Working / technical knowledge of IT infrastructure and security specific controls.
- Desirable security industry certifications include CISSP, CISM, CISA, CRISC, CGEIT
- We respect and value the people we work with
- We are unified through a common purpose
- We embrace diversity and strive for inclusion
- We value transparency, communicate honestly and share information openly
- We act with integrity in everything we do
- We don’t hide our mistakes, and we learn from them
- We act with a sense of urgency and decisiveness
- We are adaptable, responsive and embrace change
- We take smart risks
- We are positively driven to make a difference and challenge the status quo
- We focus on and encourage personal leadership
- We motivate each other with our ambition
- We deliver maximum value to our customers and stakeholders
- We take ownership and are accountable for the outcome
- We reward and celebrate performance