Global Information Security Manager – IT Risk Management


At Intrum, you will grow by making a difference. You will do it in a highly international environment and in a supportive culture where effort counts.

The Global Information Security Manager (GISM) – IT Risk Management is a key function in our efforts to protect digital assets and manage IT risks. This vital role involves (further) developing and maintaining the IT risk management framework, maintaining the risk register, and ensuring that IT and information security risks are identified, assessed, and mitigated effectively. This includes executing risk assessment methodologies, supporting risk and control owners with strategic and operational expertise, and ensuring that comprehensive metrics and reports, including key performance and risk indicators, are appropriately maintained.

This is a First Level of Defence (1LoD) role in which you'll be an IT Risk Subject Matter Expert within the Global Information Security function, working closely with various IT Services functions, conducting proactive and reactive IT risk assessments across multiple technology areas, recommending and facilitating appropriate responses, and monitoring the delivery of any mitigations. You'll engage with Risk Owners to agree the current Risk Profile and the actions needed to be within appetite as required, and act as primary point of contact for 2nd and 3rd line functions on IT risk management matters.

Job Description:

Principal Accountabilities

Key accountabilities include:

- Identify and draw out technology risks through discussions, workshops, relevant meetings, and engagement with cross-functional IT Risk and Control owners.
- Identify, assess, manage and report on adherence to policy requirements and control effectiveness.
- Undertake proactive and reactive technology risk assessments, or thematic reviews, and formulate recommendations to respond to identified technology risks, issues and events.
- Identify, anticipate and recommend the need for changes to methodologies/approaches in response to changing risk profiles and business needs, through the identification of emerging risks and through continuous assessment of the inherent and residual risk exposure.
- Model and continuously improve the risk profile through the development of risk measurement methodologies.
- Engage with the Global Risk & Compliance team (2LoD), Internal Audit and senior stakeholders across the business to ensure Technology Services, IT and Information Security functions operate within the defined risk appetite and issues are remediated within the specified timelines.
- Provide strategic risk management advice on disruptive technologies and identify emerging risks associated with advances in technology and digital capabilities.
- Maintain the IT risk register and IT Risk Management tooling and support the development of relevant IT Risk management metrics and reports.
- Stay up to date on contemporary (cyber) threats and common vulnerabilities and present these as realistic risk scenarios and mitigation plans in a clear and concise manner, both verbally and in writing.

Qualifications (education, skills, competences and experience)

- 3+ years' experience in a leading position in managing and executing an enterprise (IT/Information Security) risk management or IT audit program, preferably within the financial or tech industry.
- 5+ years' combined experience in a security, technology, and/or software engineering related role.
- Demonstrated experience with data security frameworks and regulatory standards including, for instance, ISO27001/2, COBIT, NIST, PCI-DSS, GDPR.
- Relevant certifications such as CISSP, CRISC, CISA or similar are considered to be an advantage.
- Effective English communication skills (verbal & written).
- Experience with developing risk and compliance reporting for a variety of audiences, including executive management, technical and non-technical.
- Demonstrated leadership skills with the experience of working effectively across various levels and different locations, and with stakeholders with different technical and/or security experience levels.
- Demonstrated broad conceptual understanding of security controls across all common (cyber) security domains such as organization, identity & access management, cryptography, vulnerability management, network security, etc., covering complex and highly integrated on-prem and cloud implementations.
- Experience in working in a global, multi-national organization.
- Additional experience with global security operations and an understanding of the complexities of multi-regional compliance and data protection laws is an advantage.

Expected behaviours

- Strong attention to detail.
- Strong communication skills.
- Quick learner, accurate and punctual.
- Able to work in a team and cooperate with others, but also able to work independently without direct supervision.
- Prepared for cross-border cooperation.
- Result orientated.
- Self-motivated, enthusiastic and keen to learn and develop themselves.
- Not afraid to make decisions and take ownership.
- Being a passionate risk management and general security ambassador.
- Maintaining a high level of integrity (being trustworthy and handling sensitive information with care).
- Being curious: does not take things for granted and wants to understand the details when needed.

Do you feel that you might be the right person? Great! Apply now. Looking forward to hearing from you! 
