Senior IT & Security Risk Officer

SIX drives the transformation of financial markets.

What sets us apart drives us ahead: between local roots and global relevance, we are a unique blend of tradition and future, of foundation and growth. We value bright minds and inspire them to grow with their ideas. Come and shape the future of finance with us.

Madrid | Working from home up to 40% | Reference 7051

Do you want to work in a highly dynamic environment? Are you passionate about IT Risk Management and IT Control Monitoring and Assessment? Then our IT & Security Risk and Governance Team wants to hear from you! We are an international team, working in Spain and Switzerland. To fulfill our duties, we are seeking a highly skilled and experienced Senior IT & Security Risk Officer to join our team in Madrid. As the 2nd Line of Defense within SIX, Corporate Security is responsible company-wide for the design, maintenance and control of all Integral Security Risk guidelines and requirements (including Business Continuity Management, Physical Security as well as IT & Security risks for third parties). Additionally, we are responsible for the monitoring and independent assessment of IT and security specific key controls. We also support the implementation of various contractual, regulatory and legal security requirements (e.g. SWIFT, Internal Control System (ICS), PCI-DSS).

• Act as the CRO contact for Integral Security-related risks, ensuring comprehensive risk management practices and collaborate with various stakeholders to identify, assess, and mitigate Integral Security risks.
• Oversee the implementation of Integral Security risk measures and regular reporting to senior management.
• Conduct regular assessments and spot checks to ensure the effectiveness of IT controls.
• Conduct Independent Project Risk Assessments by evaluating project dimensions such as Scope, Time, Cost, Benefit realization, Resources, Risk, and Organization to ensure project objectives are met.
• Evaluate and challenge identified project risks, assess the effectiveness of defined mitigation measures, and suggest additional measures as necessary to ensure project success.

• Bachelor’s degree in Information Technology, Computer Science, or a related field.
• Several years of experience in IT risk management, ICS / IT controls and audit or compliance within the financial services industry.
• Excellent organizational and coordination skills, ability to identify and solve problems systematically and deliver sustainable results.
• Relevant certifications such as CRISC, CISM, CISSP, or CISA are highly desirable. Knowledge of COBIT, PCI-DSS, ISO/IEC 2700x, ISAE3402, ISF Standard of Good Practice is an advantage.
• Strong communication skills, both written and verbal, in English; Spanish or German is a plus.

If you have any questions, check out our FAQ page or call Yuliya Stoyko at +34 917095993.

For this vacancy we only accept direct applications.

Diversity is important to us. Therefore, we are looking to receiving applications regardless of any personal background.

Flexible Work Models
We trust our employees and offer a work environment that is well-balanced, productive and fosters success.

Personal Development
You will benefit from a culture of continuous learning and feedback. Your personal growth is supported through an extensive learning offering.

Agile Working Methods
Whether through scrum or design thinking, we solve exciting tasks together in teams.