Markets Governance, Risk and Controls Manager

Ion
Kolkata | 4-8 LPA | Posted 5 May 2025
FULL TIME

Tags: NIS, ISMS, Risk Assessment, ISO, Project Management

Job Description

The Role:

  • Support and advise on Information Security Management System (ISMS) and associated controls;
  • Support and advise on management of risk and provide a transparent view of risk posture to stakeholders;
  • Support and advise on compliance with relevant control standards, regulation and audit requirements;
  • Provide Information Security Risk Assessment function to the business;
  • Responsible for the oversight and monitoring of risk in line with the ISMS;
  • Collaborates with security and audit teams to ensure controls are operating in line with policies.

Key Responsibilities:

  • Document and monitor risk and control environment to identify existing and emerging risks and issues;
  • Evaluate and document issues related to changes in the risk environment and risk priorities;
  • Identify and aggregate thematic risk related to findings and trends, e.g. regulatory preparedness, thematic concerns;
  • Engage Internal Audit to discuss risk posture and audit inputs;
  • Communicate heightened risk that is relevant to stakeholders and customers to ensure transparency and appropriate prioritization for remediation;
  • Understand legal and regulatory obligations relevant to the product and how the processes and associated controls provide evidence of compliance;
  • Partner with business stakeholders to respond to customers, external audit and regulatory requests for information;
  • Educate and advise on security policy, standards and procedures;
  • Manage and maintain external certification activities.

Required Skills, Qualifications, and Experience:

  • Working within the technical financial services industry, or other highly regulated industries;
  • Information security management, governance, and compliance principles, practices, laws, rules and regulations, e.g. NIST, ISO, NIS, DORA and GDPR;
  • Information technology systems and processes, network infrastructure, data architecture, data processes and protocols;
  • Cyber and cloud security standard frameworks, architecture, design, operations, controls, technology, solutions, and service orchestration, e.g. CIS, CSF;
  • Information systems auditing, monitoring, controlling, and assessment process;
  • Incident response management, e.g. ITIL;
  • Risk assessment and management methodology, e.g., NIST, ISO 27005;
  • Security training techniques and reporting activities;
  • Developing and implementing enterprise governance, risk, and compliance strategy and solutions;
  • Researching and understanding security information related to internal and external organizations using online and other sources;
  • Management of technology vulnerability and threat information;
  • Security project management and planning;
  • Risk management, information security and audit management lifecycles.