Scope and Purpose
The Information Security Officer defines the Information Security and Cybersecurity objectives for the Information Security Program and monitors compliance with such objectives.
The ISO operates in strict cooperation with the Head Office, so to direct the planning, development, implementation and monitoring of security for enterprise information systems.
The ISO also develops and implements security training and awareness programs to educate employees about information security and cybersecurity solutions and requirements.Specific accountabilities :
Responsible for the oversight of the state of information security and cybersecurity for applications, and provides periodic reports (at least annually) on the state of information security to the Board of Directors / Top management
Adopt, implement and update Cybersecurity policies, rules, processes and procedures in line with Head Office regulatory Framework.
In reporting to the Top management, considers to the extent applicable the confidentiality of Nonpublic Information and the integrity and security of Information Systems, the cybersecurity policies and procedures, the material cyber risks, the overall effectiveness of information security and cybersecurity program and possible material cybersecurity events involving the Legal Entity
Works strategically with the Head Office to ensure that all aspects of information security and cybersecurity are properly monitored and that security projects and tasks are properly coordinated
Performs continuous monitoring of Information Security and Cybersecurity programs to ensure compliance with objectives, policies and procedures
Identifies and evaluates changes in local regulations, as well as trends in the Information Security and Cybersecurity marketplace, such as new products, new attacks and new countermeasures for applicability inside the Legal Entity's environment
In cooperation with the Head Office develops, disseminates, and maintains Information Security and Cybersecurity objectives that define baseline policies regarding Information Security at the Legal Entity
Ensure the local execution of Business Continuity activities, including periodical Business Impact Analysis, tests and reporting, in line with Group model.
Works with information owners in business units to determine appropriate security objectives for securable resources
Monitors network activity for malicious activity
Monitors and evaluates vulnerability reports, vendor hot-fixes, and vendor patches for applicability to deployed technologies
Monitors the process of creating, changing, or removing user access across all systems
Monitors the access control program. Ensures that all appropriate documentation pertaining to the recording of account creations, deletions, and permissions are correctly maintained and approved
Monitors that all user passwords adhere to the password requirements
Is directly responsible for the Information Security Training Program
Minimum 10 years in the information security and cybersecurity environment, preferably in a Financial Institution
Experience in technology and application development that transitioned in a leading application and information security role
Experience in developing and delivering Information Security and Cybersecurity awareness programs
Bachelor's in Computer Science, Information Technology or related field
Master's degree a plus
CISSP / CISM certification preferable
Must display subject matter experience in application security, vulnerability testing and system testing
Solid background in assuring high level of Information Security management and Business Continuity management in an organization
I.T. / Info / Cyber Security risk management experience and direct participation in related risk management processes, including application risk classification and application control assessments
Knowledge of financial industry products and related IT platform, a plus
Strong communication skills
Attitudes : Goal oriented, Problem Solving, Teamworking
Everyone is an asset for our Group and that person could be you! Check out our job opportunities, apply and join our team!