Information Risk Specialist

R3

As the Information Security Risk Specialist, you shall support the Information Risk Manager, who has responsibility for all Governance, Risk and Compliance activities across R3, in designing appropriate policies and organisational controls within R3. You will ensure that the control environment supports R3’s mission as an enterprise software vendor, operator of the Corda Network and Managed Services provider.

You’ll be used to working in environments with mature security controls but have the insight to bring a risk-based approach to a fast-moving company with a start-up culture. This is an opportunity to help “write the book” on building security assurance and good security practices for enterprise blockchain. If this sounds like you, read on…

Day to day

  • Support the Information Risk Manager in the delivery of security governance, risk and compliance activities across R3 globally.
  • Drive the different types of security risk assessments across different business lines and manage risks via the risk register.
  • Ensure assurance activities are appropriately implemented across different business lines and, as required, test the effectiveness of those controls.
  • Conduct security assessments and due diligence activities of critical 3rd party suppliers/vendors. This shall include liaising with key stakeholders such as IT, Legal and Business Resources.
  • Support customer due diligence activities, contract reviews and customer security review activities as necessary.
  • Support the Information Risk Manager and the wider Security team in the development, operation, and maintenance of R3’s security control environment (ISMS) including information security policies, standards, and guidelines.
  • Identify emerging security requirements from R3 clients and ensure that capabilities to meet those are baked-in to R3 products and services.
  • Have a firm understanding of implementing mature security controls/practices across the organisation and engaging with stakeholders across the business.

You…

  • You’ll have 3/5 years of experience in a direct information security role specialising in governance, risk and compliance activities.
  • We believe that we work better as a team, and hope you share that belief. You’ll be working in a diverse group of people with varied skills and backgrounds; a high level of emotional intelligence will be assumed.
  • You’ll need excellent communication skills, both verbal and written. You should be confident in explaining security terms and principles to an audience who may not be familiar with the underlying concepts.
  • You will assist in defining the ISMS and controls assurance environment creating the appropriate documentation/evidence to support external assessments of R3.
  • Working knowledge of ISO 27000 or NIST Cyber Security Framework would be great, but experience with other recognised standards will be acceptable.
  • You should have worked in an organisation certified to ISO 27001 or gained SOC2 certification. You will have been part of this journey and understand the controls needed to achieve different certifications.
  • A firm understanding of the security practices which should be adopted for different legal and regulatory requirements such as PCI-DSS, GDPR, or different regulatory bodies.
  • Have responsibility for conducting security assurance/assessment activities and able to demonstrate process improvements to enhance the maturity of security controls.
  • Financial services experience would be ideal, but experience in organisations with a mature security environment would be preferable too, e.g. large consultancy firms, telecoms, pharmaceuticals or critical infrastructure.
  • You will have a solid appreciation of the variety of technical controls available to R3 including endpoint security, identity and access management, network security controls (firewalls, VPN), intrusion detection and security event management/log analysis tools. You won’t be expected to be hands-on with these tools, but you’ll certainly need to be aware of how they fit within the control environment which you will help to design and operate.
  • An MSc in Information Security or a CISSP, CISM, CSA. Appropriate career experience is just as important though. Be prepared to tell us all about that experience.