Business Information Security Officer
Ref No.: 18-18641
Location: New York, New York

Needs someone who is hands-on to implement a wide variety of controls on applications.

The role is more about controls implementation and oversight.

Needs someone who can interact with the business.

Looking for at least 1 certification.


The Strategic Cost, Administration and BISO team is a professional, business focused, proactive risk-based function within CIB that operates with openness, transparency, integrity and independence.

The Business Information Security Officer (BISO) function is an integral part of CIB. It assists the business in identifying, analysing, monitoring and mitigating information security risks in order to meet audit and regulatory requirements. The team acts as an interface between various CIB divisions and the Central CISO team, as well as with IT and various second line functions (IRRM, VRM, Compliance, Legal, DPO, etc.). This requires interaction with stakeholders on a daily basis. The role entails covering applications, organisation and region from an information security perspective.


• Understand and analyze the business setting from an information security perspective.
• Perform risk assessments on complex applications, vendors, processes and projects from an information security perspective.
• Identify security gaps, evaluate options for remediation, define and implement check points and compensating controls.
• Present assessment results and options to the business and discuss steps for resolution.
• Initiate and track the risk acceptance process if required.
• Analyze and redesign access management processes (request and approval).
• Define and implement Segregation of Duties rules.
• Review roles and application role concepts.
• Support inquiries from internal and external audit, regulators and clients.
• Advise and support projects on information security questions.
• Advise on vendor relationships.
• Interact with and educate the business on information security risks and controls and on handling sensitive data.
• Assist in assessing and determining appropriate controls on unstructured data hosted on internal and external data rooms.
• Conduct information security awareness sessions for stakeholders in CIB.
• Assist in designing and implementing a control framework for third party applications.


Certifications such as CISM or CISSP are a plus.


• Prior experience in a risk environment (e.g. in BISO, TISO, ORM, Audit, Data Privacy).
• Knowledge of GTB products and its business areas preferred.
• Good understanding of major business and operational risk processes.
• Strategic, yet hands-on in the detail (diligent).
• Unquestionable personal integrity and ethics.
• Excellent analytical and communication skills, oral and written.
• Independent in judgement, strongly self-motivated with the ability to challenge and be challenged whilst maintaining the highest levels of professionalism.
• Team player and strong networker.
• Flexible, open to change and to a global and diverse culture.