Risk & Control Advisor

Social network you want to login/join with:

Euroclear is a global critical financial market infrastructure company.

Strong IT Risk Management and Security are at the core of the company’s services, firmly embedded in their management systems and processes.

The Regulatory Watch, Policies and Controls team is part of the Cyber Information Security Office Division and is in charge of driving the definition and implementation of the policy and control framework addressing the key IT and Security risks and ensuring compliance to all regulations and external requirements applicable to the Technology organization of the group.

Role

This role is focusing on the security control framework, covering all key security domains including Identity & Access Management, Vulnerability Management, Security Monitoring and Incident Management, Platform, Network and Application Security among others.

The Euroclear security control framework is built upon the ISO 27001/2 and CIS industry standards and is currently being implemented within the ServiceNow GRC platform. Your active role will encompass both defining and implementing controls during the change phase, as well as managing the control framework as it transitions to live operation for continuous monitoring, evidencing, and ongoing improvement during the run phase.

You will contribute to design, co-create and roll out effective controls addressing key risks and regulatory requirements across all security domains, advising and challenging control owners. By promoting and implementing controls you will help to improve the risk culture and control maturity in IT. You will work closely with security process owners, control owners and performers across IT divisions and locations, as well as liaise with second and third lines of defence (Risk Management and Internal Audit).

You have a strong risk mind-set, are a good relationship builder and want to play a critical role in the IT and Security Risk transformation and change roadmap. Proficient (oral and written) communication as well as influencing are part of your main skills.

Requirements

• University Master’s degree or equivalent experience (education in computer science, engineering or cybersecurity is a plus)
• 5+ years field experience in the security risk and control environment, preferably in controls design/implementation area in large/enterprise multi-platform-based IT environments
• Good knowledge of the key principles of the Information Security Management Systems and various Security Technology Domains such as Identity and Access Management, Network Security, Vulnerability Management, Endpoint Security, Data Protection, Security Incident Management
• Certifications in security such as CISSP, CISM, GIAC is a key advantage
• A good understanding and experience with ServiceNow GRC or equivalent solution is a strong asset
• Proficient knowledge of English (verbal, writing, presentation)
• You possess a strong risk and control attitude ; your thoroughness ensures consistently high-quality work.
• You have good communication skills, whether on the field, in the team or with management: you are a great teammate and coordinate work amongst people from different areas or divisions. A good relationship builder with diplomacy skills.
• You are a highly motivated self-starter and quick learner, and you can work proactively in an environment with challenging priorities.
• You are analytical and risk oriented. You know how to break down complex situations to address logical links and dependencies. You can distinguish essential information and summarize it accordingly.
• You have the ability to challenge and influence IT and Security experts. You acquire approval of others with good arguments, appropriate influencing methods and personal assertiveness (persuasion), constructively challenging and negotiating at levels up to middle management!