Previous Job
CyberSecurity Engineer
Ref No.: 18-01310
Location: New York, New York
The Strategic Cost, Administration and BISO (Business Informatio Security Officer) team is a professional, business focused, proactive risk-based function within CIB (Corporate and Investment Bank) that operates with openness, transparency, integrity and independence.

The Business Information Security Officer (BISO) function is an integral part of CIB. It assists the business to identify, analyse, monitor and mitigate information security risks in order to meet the Audit and regulatory requirements. The team acts as interface between various CIB divisions and Central CISO team as well as with IT various second line functions (IRRM, VRM, Compliance, Legal, DPO, etc.). This requires interaction with stakeholders on daily basis. The role entails covering applications, organisation and region from information security perspective.

The position will be reporting to the GTB & CF Chief BISO.

Key Responsibilities
• Understand and analyze business setting from an information security perspective
• Perform risk assessments on complex applications, vendors, processes and projects from an information security perspective
• Identify security gaps, evaluate options for remediation, define and implement check points and compensating controls.
• Present assessments results and options to the business and discuss steps for resolution.
• Initiate and track risk acceptance process if required.
• Analyze and redesign access management processes (request and approval).
• Define and implement Segregation of Duties rules.
• Review of roles and application role concepts.
• Support on inquiries from internal and External Audit, regulators and clients.
• Advisory and support projects on information security questions.
• Advisory vendor relationships.
• Interact with and educate the business on information security risks and controls and handling sensitive data.
• Assist in assessing and determining appropriate controls on unstructured data hosted on internal and external data rooms.
• Conduct information security awareness sessions for stakeholders in CIB.
• Assist in designing and implementing control framework for third party applications.

Technical Skills • Thorough understanding of investment banking control environment
• Easiness with Microsoft Excel and Power Point
• Advanced presentation/interactive skills sufficient to convey complex conceptual information/ideas on issues requiring interpretation and opinion.
• Certifications such as CISM, CISSP.
Management Skills • Strong operational and people management skills, including the ability to operate within a diverse team.
• Excellent partnering skills and stakeholder management. The ability to successfully navigate a complex organisation, build strong relationships and work collaboratively with business and management teams and with other control functions.
• Comprehensive management / leadership skills, including the ability to motivate teams through demonstrable commitment to GTB success.

Experience • At least 6 years of experience in information security, operational risk, Audit, Consulting, etc.
• Background in the business or having strongly worked with a business unit
• Prior experience in a risk environment (e.g. in BISO, TISO, ORM, Audit, Data Privacy)
• Preferably knowledge of GTB products and its business areas
• Good understanding of major business and operational risk processes.
Personal Characteristics
• Strategic, however hands on in the detail (diligent).
• Unquestionable personal integrity and ethics.
• Excellent analytical and communication skills, oral and written.
• Independent in judgement, strongly self-motivated with the ability to challenge and be challenged whilst maintaining the highest levels of professionalism.
• Team player and strong networker.
• Flexible, open to change and to a global and diverse culture.