Department

Working in the Information Security Team, the successful candidate will find themselves engaged in all areas of the business at Euronext. Further, the boundaries of the role extend beyond Euronext’ perimeters where third parties exist and need to be engaged or responded to.

The function is heavily involved in the day to day running of the Information Security practice and wider security programme across the organisation based on global recognized frameworks (e.g. ISO27001, Cobit, NIST).

Job Summary

The successful candidate will be engaged to handle and manage IT Audits and Risk Assessments, IT Security Architecture, IT security monitoring, third party reviews, compliance checking, and matters of both regulatory and legislative impact including matters relating to, but not limited to, data privacy, cyber legislation, and corporate security best practices.

A high degree of independence will be afforded to the candidate, who will be working on key projects across the organisation. The candidate must have an in-depth security background and work alongside other information security teams from both inside InfoSec and outside in other IT teams.

The candidate will also work very closely with business side staff in the form of executive project sponsors, business analysts, enterprise architects, and project managers. The role will be engaged as a primary resource on a project from conception through to delivery and beyond. Heavily engaged in project engagement processes to establish the security requirements and controls of an initiative, risk assess the requirements, and deliver high and low level security solutions and designs.

The successful candidate must have a deep knowledge of all areas of IT technologies, infrastructures, and business systems, coupled with exceptional InfoSec skills. In addition, a thorough understanding of the threat landscape and all security controls that can be used to realise security protection against threat vectors.

Candidates must have strong stakeholders management skills and be prepared to present prepared risk analysis results and solutions to all levels of staff and management.

Key Accountabilities

• Assisting with the implementation and maintenance of the Information Security Programme;
• Assisting with efforts to align internal security practices with industry best practices and security frameworks commensurate with strategy and the expectations of our clients and regulators;
• The handling of project / initiative requirements and processing and communication of requirements;
• Risk assessment of projects and initiatives;
• The creation, communication, and handling of the approval for Security Solutions created;
• The subject matter expert for all assigned projects and initiatives;
• The creation of security design documents and diagrams for all projects and initiatives;
• Responsible for profiling the entire IT/Systems estates, and the assessment of the same for security gaps given your deep knowledge of the threats, vulnerabilities and controls in play;
• Stay abreast of the threat landscape specific to Euronext and adjust/draft solutions designs according to developments in this space;
• Timely and accurate reporting of the current state of all assigned projects/initiatives;
• Assisting with risk assessments and the risk management process by executing appropriate measures to manage and mitigate risks thus reducing the potential impact on information processing resources and assets;
• Ensure the Information Security Risk register is up to date, tracked, and presented on a regular basis to management. Working through action plans to conclusion with all stakeholders;
• Assisting with audit activities whether orchestrated internally or externally by a third party;
• Assisting with compliance matters or conflicts of interest relating to communicated; Policy, Standards, Procedures, and Guidelines;
• Assisting in the drafting and preparation of departmental security document sets;
• Keeping track of policy and standards exceptions and the risks aligned to them;
• Keep abreast of new risks and trends in the threat landscape that may need to be addressed within information security policies, procedures and standards;
• Exhibit a broad knowledge of security compliance and auditing frameworks and apply those to formulate policies, procedures and standards;
• The delivery of ongoing security awareness and training through various tools and workshops;
• Ownership and oversight of all controls owned by InfoSec, including the approval point for all change efforts, etc, that might impact any such controls.

Profile and Skills

• 5 to 10+ years’ experience in a specific Information security role (e.g. related ISO 27001 consultant / projects);
• Experience within the financial sector will be a considerable benefit;
• Past/proven experience working in a team;
• Established background in Information Security Risks processes and in IT/Information Security Audit;
• Strong background and knowledge of working with and implementing international security standards and frameworks, such as; ISO27001, ISO27002, ISO27005, NIST, Cobit 5, etc.;
• Strong stakeholder management skills;
• The ability to interface across the organization with other teams and managers of all levels;
• Analytical judgment, decision making and project management skills;
• Ability to deliver security education and awareness training sessions and material;
• Excellent written/verbal communications skills and organisational skills;
• Must be able to work well under pressure, prioritise workload appropriately and work well alone or as part of a team;
• Ability to adjust to changing priorities while multitasking effectively and to articulate complex security and privacy concepts to business users;
• Ability to communicate with clients in a professional manner;
• Working/technical knowledge of IT infrastructure and security specific controls;
• Security industry certifications are considered a plus, e.g. include; CISA, CISM, CRISC, CGEIT, Cobit 5, ISO 27001 or other security / ISO related certifications.