Information Security Risk Manager, AVP

Company: ABN AMRO Clearing USA LLC
Location: Chicago, IL
Posted: May 02, 2024

Description:

About ABN AMRO Clearing USA LLC

ABN AMRO Clearing USA LLC (AAC-USA) is a subsidiary of ABN AMRO Clearing Bank N.V., a global clearing firm that provides an integrated suite of financial services to professional trading participants in the global financial market. Our core service offerings consist of execution, clearing, financing, stock borrowing and lending, settlement and custody. Today we clear and finance over 16 million trades per day and cover 90 of the world’s leading exchanges across Europe, the Americas and Asia Pacific. Our international network provides comprehensive market access to exchange-listed instruments such as stocks, futures and options. It also covers non-exchange listed investment instruments and alternative products including bonds, OTC derivatives, warrants, forex, forwards, and energy and commodities. ABN AMRO Clearing consistently ranks among the top three clearers in every time zone, based on turnover and market share.

Job Overview

The Information Security Risk Manager will, in accordance with the Non-Financial Risk Policy & Framework, ensure the bank is resilient, in control and acts within the operational risk appetite, limiting losses while executing its business strategy under all circumstances. He/she will support a culture and framework of risk awareness to achieve a sustainable profitable growth, building and keeping the trust and confidence of all stakeholders (clients, regulators, shareholders).

Job Responsibilities

Ensure successful implementation of the 2nd Line of Defense (LOD) Operational Risk Governance in accordance with ABN AMRO Clearing risk management policies and the 3 LOD model, with a specific focus on the information security control framework

Facilitate overview of information security key risks and controls, perform business reviews to assess level of internal control, and demonstrate that risks are managed within risk appetite, and advise management of the results and recommendations

Assist with the implementation and monitoring of information security internal controls in accordance with the NIST framework

Ensure successful implementation of information security risk management framework through deep dives, risk assessments (RA), management actions, and development and testing of formal internal controls

Facilitate periodic assessments to gather reliable information on the confidentiality, integrity and availability (CIA) of information assets; provide 2nd LOD opinion on outcomes

Provide the framework and facilitate the review and revision of Information Security policies and procedures, and provide management with independent recommendations for enhancements

Perform independent analysis and root cause investigations of security incidents and events, including trend analyses

Identify and communicate control framework enhancements by keeping up with industry trends and monitoring changes in information security processes, systems, etc.

The Information Security Risk Manager (ISRM) also assists the I&ORM team with the implementation of the overall internal control framework and assists other team members with:

Ensure successful implementation of the 2nd Line of Defense (LOD) Operational Risk Governance in accordance with ABN AMRO Clearing risk management policies and the 3 LOD model

Serve as 2nd line of defense Information Risk Management expert and point of contact for IT Business area

Develop and implement the 2nd LoD Information & Operational Risk Governance for IT Business area

Facilitate overview of the firm's key risks and controls, perform business reviews to assess level of internal control, and demonstrate that risks are managed within risk appetite, and advise management of the results and recommendations

Ensure successful implementation of operational risk management framework through deep dives, risk assessment (RA), management actions, and development and testing of formal internal controls

Generate management reporting dashboards – KRIs, CFTC RER, global dashboards (ERM, Global I&ORM, etc.) – providing independent challenge and validation of reported metrics and 2nd LOD opinion where appropriate

Perform independent analysis and root cause investigations of operational incidents and trading errors, including trend analyses

Assist with implementation of internal control framework for operational risk, information security, and business continuity

Job Requirements

Minimum of a Bachelor's degree in Information Technology, Accounting, Finance or a business-related field; Master's degree preferred

Certified in Risk & Information Systems Control (CRISC), Certified Information Security Manager (CISM), or Certified Information Systems Security Professional (CISSP)

5 - 8+ years of experience in Information Security, or financial or related industry

Comprehensive knowledge of industry-wide IT standards such as NIST, ITIL, COBIT, etc.

Knowledge of information security best practices, including cybersecurity and cloud practices, with a focus on the financial industry

Strong knowledge of information security management and of IT systems, processes and regulations

Knowledge of Operational Risk Management, external regulations and auditing

Knowledge of applicable US and international regulations and frameworks (e.g. SEC, FINRA, CFTC, NFA, MiFID, Basel II/III, Dodd-Frank, etc.)

Comprehensive understanding of clearing processes, key risks, and internal controls

Excellent communication, time management and organizational skills

Perks and Benefits

As a global leader in financial services, we rely on the strengths of our employees to deliver their best work for our clients. We invest back in our employees by offering a host of benefits and perks.

Competitive health benefit offerings, including choice of three medical plans through BCBS-IL, dental, vision and flexible spending accounts

Complimentary annual membership to One Medical as well as an EAP

Robust 401(k) Plan with a generous match and vesting schedule

Use-it-or-lose-it pre-tax commuter benefits, corporate Divvy memberships and employer-paid benefits such as term life, AD&D and disability insurance

Generous paid time off, sick days, a robust holiday schedule and parental leave plans

Monthly wellness subsidy used towards wellness activities

Flexible hybrid work schedules

Open communication including regular Town Hall meetings with the Management Team

Forward-thinking, culture-based organization with collaborative teams that promote diversity, equity and inclusion

Free coffee & tea and “bagel Wednesday”

Employee-led Social and Philanthropy Committee to bring awareness and fun to the employees

Awesome office space with a large kitchen/meeting gathering area – including a foosball and ping pong table

Private, well-equipped Mother’s room

Office is conveniently located in the Chicago Loop Financial District – close to CTA and Metra

Well maintained building (an architectural “masterpiece”) and a part of Chicago history – also includes a robust business center with a café, game-room and a shared rooftop terrace with green space

This information is intended as a summary of potential benefits only. Eligibility for the plans and programs listed here depends on the nature of employment, length of service and other factors. Actual coverage is governed by supporting summary plan descriptions and related policies.

ABN AMRO Clearing USA (AAC-USA) is proud to be an equal opportunity employer. AAC-USA celebrates diversity and does not discriminate on the basis of actual or perceived race, creed, color, religion, alienage or national origin, ancestry, citizenship status, age, disability or handicap, sex, marital status, veteran status, sexual orientation, status as a victim of domestic violence, sex offenses or stalking, genetic predisposition or carrier status, gender identity or expression, or any other characteristic protected by applicable federal, state or local laws. We cultivate a culture of inclusion for all employees that respects individual strengths, views and experiences. We believe that our differences enable us to be a better and stronger team – one that makes better decisions and delivers better business results. Additionally, AAC-USA participates in the E-Verify program in the US.
