Head of Security Risk Management
Manassas, VA

About

Job Description

SWIFT provides the platform, messaging, standards, and products & services to over 10.500 customers in 215 countries and territories.

Our employees are the foundation of this success.

SWIFT has a unique corporate mindset, where diversity, personal development and networking are actively encouraged. And we think you'll like our office culture, built around the way we work to achieve a healthier work/life balance.

If you want to be part of our dynamic, multi-cultural institution with over 2400 employees of 75 nationalities, in 26 offices worldwide, then explore the vast opportunities, rewards and internationally competitive packages that are waiting for you here at SWIFT.

Responsibilities

The Head of security risk officer management is part of the Chief Security Officer team. Your role is to:

* align and develop best practices related to security risk management (aligned on NIST, ISO, ...)
* in close cooperation with CRO and Service security teams. She or he manages a small team of security risk experts

(ISRO) delivers a critical function because he or she ensures security risks are timely and adequately identified for strategic and business-critical scope. You also coordinate the work of more junior teammates. What is more, you facilitate discussions that result in a prioritization of appropriate security controls. You work directly with internal departments to drive information security risk analysis and risk management processes. While risk ownership is with business, service or system owners, and thanks to your security expertise and understanding of controls, you are responsible for ensuring threats and associated risks are appropriately identified and consistently rated (rational, repeatable, realistic).

Your activities range from continuously enhancing our internal processes (best practices, industry alignment, …) to running these processes in appropriate decision-making flows (e.g. cloud sourcing, new product definition, system design changes). Beyond this operational role, you spot trends and recurring weaknesses by combining assessments over time, and can think strategically about pragmatic solutions to solve the root cause of a problem.

Your work is essential in the harmonization of SWIFT's global risk framework, and it is your responsibility to educate people in that framework, and to flag digressions you spot. Eventually you own the end-to-end chain of security risk management: from proactively identifying risks, to monitoring mitigation, as well as by closely aligning with the compliance & control team to ensure the bigger questions are met from a policy and control effectiveness perspective. All of this in a dynamically changing environment as SWIFT is going through a number of business transformations such as API offering, real-time services, Agile transformation and Cloud adoption.

SWIFT performs security risk assessments in a variety of circumstances: proactively based on new business initiatives, upon the identification of a new threat, in the context of an ISO 27001 ISMS, in projects, in changes made to the current environment, whenever policy deviations occur, on third parties, et cetera. Our ISROs have an adaptive mindset and are creative thinkers, while understanding the importance of compliance as well as the bigger picture of enterprise risk management.

Qualifications

Key Characteristics

* Broad expertise of risk management in critical infrastructure exposed to IT technology challenges, Internet, Cloud, ...
* Able to develop and articulate vision and at the same time progress iteratively and pragmatically in rolling out required practices and processes
* Provide strong input to develop Information Security Strategy as well as support development of Corporate strategy
* Track record of bringing change into the organisation, specifically in support of business taking an active role as first line of defence
