Tuesday, January 31, 2017

Information Security Officer

As a member of the global Information Security department, the Information Security Officer for the Americas contributes to Information Security activities at a global level and supports the appropriate implementation of the Information Security policies and initiatives in the US (Orinda, CA, Greenwich, CO, New York and Mexico City).

• Contribute to the information security strategy and the information governance framework by identifying local specifics and requirements; • Promote Information Security communication and awareness in the US in accordance with the global communication plan and local specificities • Monitor local information and systems risks through supporting the risk analysis of information, systems and applications, defining and updating the global and local information and systems risks map in accordance with the Risk and Controls department, and carrying out the relevant reporting and monitoring of risk mitigation actions • Take part in control reviews to evaluate whether Functional and Technical Support and Project activities managed by the IT Department are carried out in line with the approved and validated Information Security strategy and related roadmaps; the Information security standards and policies; and the approved risk-appetite framework • Contribute to the definition of a flexible annual control plan, taking into account any risk or control concerns identified by the Senior Information Security Officer for the USA, management or any other relevant person or committee • Provide advice to local users and IT teams • Contribute locally to the incident processes and activities to support the global operational support team in case of an incident • Contribute to the definitions of security policies adapted from standards and assist IT experts and the business to adapt standards and policies into operational procedures • Represent the Global Information Security department in the local governance instances

Education/Qualifications • Bachelor’s degree-level education or equivalent • A recognized certification (CISSP, CISA, CISM) would be a plus Experience • Relevant experience in Information Security • Experience in IT audit (internal or external) would be a plus • Experience in financial services institution or in an asset manager would be a plus • Experience in an international and multicultural environment would be a plus Knowledge and Skills • Good knowledge on organizational and governance of information security: policy definition / risk management / control • Good knowledge in technical information security: network security, system security, application security Competencies • Client focus: ability to understand and take into account various business context and situations, and to translate them into security analysis • Excellent written and oral communication skills • Team spirit / positive attitude • Autonomous • A good level in French (oral) would be a plus