Job Description Summary
The Information Security Specialist - GRC & IAM is part of the Information Technology job family providing end-to-end technology across Euronext business.
Information Technology has a core responsibility for developing, supporting and protecting the key trading applications, and protecting Euronext systems from cyber-attacks and data theft.
The Information Security Specialist - GRC & IAM has key operational and development skills to ensure the successful implementation and maintenance of Information Security tools, processes and people.
Operating within the Information Security Governance Risk and Compliance (GRC) division, the selected candidate will be engaged in all areas of the business at Euronext.
Further, the boundaries of the role extend beyond Euronext’ perimeters where third parties exist and need to be engaged or responded to.
The function is heavily involved in the day to day running of the Information Security practice and wider programme across the organization.
Will be engaged to handle IT audits and risk assessments, third party reviews, compliance checking, and matters of both regulatory and legislative impact including matters relating to, but not limited to, data privacy, cyber legislation, and corporate security best practices.
Assisting with risk assessments and the risk management process by executing appropriate measures to manage and mitigate risks thus reducing the potential impact on information resources / assets.
Assisting with audit and review type activities whether orchestrated or initiated internally or externally by a third party.
Assisting with compliance matters or conflicts of interest relating to communicated security; Policy, Standards, Procedures, and Guidelines.
Identity and access management activities
The handling of exceptions to policy, standards, procedures, etc.
Assisting with the In-Take phase of all new projects and initiatives.
Assisting in the drafting and preparation of departmental security document sets.
Keeping track of policy and standards exceptions and the risks aligned to them.
Keep abreast of new risks and trends in the threat landscape that may need to be addressed within information security policies, procedures and standards
Assist with the coordination and support the delivery of ongoing security awareness and training through various tools and workshops.
The key accountabilities only describe the main activities and is not exhaustive. It evolves depending on the expertise level and ongoing projects.
In-depth technical knowledge in one of the following field of expertise :
Security knowledge of Windows and Linux operating systems and supporting infrastructure elements
Security knowledge of Microsoft cloud technologies
Security knowledge of AWS cloud technologies
Security knowledge of IAM technologies
Experience in managing and delivering projects
Experience in process improvement, re-engineering and root-cause analysis / resolution
Flexibility and ability to work in environments with changing priorities
5-10 years’ experience in an Information Security GRC / IAM role :
Established background in Information Security Risk
Established background in IT / Information Security Audit
Established background in Microsoft IAM / cloud technologies
Strong stakeholder management skills
The ability to interface across the organization with other teams and managers of all levels.
Analytical judgment and decision making skills
Strong background and knowledge of working with and implementing international security standards and frameworks, such as;
ISO27001, ISO27002, ISO27005.
Project management skills
Ability to assist with security education and awareness training sessions
Excellent written and verbal communications skills.
Excellent organisational skills.
Must work be able to work well under pressure and prioritise workload appropriately
Must be able to work well alone or as part of a team
Ability to adjust to changing priorities while multitasking effectively.
Ability to articulate complex security and privacy concepts to business users.
Ability to communicate with clients in a professional manner.
Working / technical knowledge of IT infrastructure and security specific controls.
Experience within the financial sector will be a benefit.
Security industry certifications, such as; CISSP, CISA, CRISC, CGEIT will be a benefit
We respect and value the people we work with
We are unified through a common purpose
We embrace diversity and strive for inclusion
We value transparency, communicate honestly and share information openly
We act with integrity in everything we do
We don’t hide our mistakes, and we learn from them
We act with a sense of urgency and decisiveness
We are adaptable, responsive and embrace change
We take smart risks
We are positively driven to make a difference and challenge the status quo
We focus on and encourage personal leadership
We motivate each other with our ambition
We deliver maximum value to our customers and stakeholders
We take ownership and are accountable for the outcome
We reward and celebrate performance
We are proud to be an equal opportunity employer. We do not discriminate against individuals on the basis of race, gender, age, citizenship, religion, sexual orientation, gender identity or expression, disability, or any other legally protected factor.
We value the unique talents of all our people, who come from diverse backgrounds with different personal experiences and points of view and we are committed to providing an environment of mutual respect.
This job description is only describing the main activities within a certain role and is not exhaustive. It does not prevent to add more tasks, projects.