IT Security Officer
- Sydney, New South Wales, Australia
- Permanent, Full time
- ABN AMRO
- 25 Aug 17
ABN AMRO Clearing is designated as a specialised business within ABN AMRO and holds its own banking license (ABN AMRO Clearing Bank N.V.). Globally the company consists of about 800 FTE and is largely self-sufficient, organizing its own supporting organization. ABN AMRO Clearing plays an important infrastructural role in the financial markets. As such it is closely monitored by Regulators and Central Banks. This is augmented by the fact that ABN AMRO Clearing holds significant market shares in financial markets across the globe holding top spots in clearing on numerous exchanges in every region.
ABN AMRO Clearing Information Technology has a global focus with many programs on both a regional and global level. The organisation is
self-supporting, running its own projects, applications and hosting them from its own data centres across the globe. Architecture and portfolio management are global issues. IT development, maintenance, support and IT operations are provided by three regional organisations: IT Europe, IT USA and IT APAC.
Considering Information Technology as a main part of business services, the IT systems and processes have to meet ABN AMRO Clearing strategy demands and internal and external regulations. AAC IT APAC controls the information systems in/for Asia Pacific business in order to deliver efficient, agile and reliable IT services meeting the demands of ABN AMRO Clearing's clients.
To continuously improve the security of IT by using industry best practices such as security and control frameworks to:
- knowing what needs to be secured and assessing the effectiveness & efficiency of the current preventive security controls
- the implementation of preventive controls, where the minimum control level is defined by corporate policies, procedures and baselines
- the detection of security events as soon as possible after the events took place
- responding quickly and adequately to security events
- recovering from a security incident in a controlled and predictable way
Core activities and outcomes
- Work with the LISO to develop a security program and security projects that address identified risks and business security requirements.
- Manage the process of gathering, analysing and assessing the current and future threat landscape, as well as providing the CISO with a realistic overview of risks and threats in the enterprise environment.
- Assist resource owners and IT staff in understanding and responding to security audit failures reported by auditors.
- Provide security communication, awareness and training for audiences, which may range from senior leaders to field staff.
- Manage security issues and incidents, and participate in problem and change management forums.
- Consult with IT and security staff to ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications and software.
- Ensure the implementation of technical controls to support and enforce defined security policies.
- Research, evaluate, design, test, recommend or plan the implementation of new or updated information security hardware or software, and analyse its impact on the existing environment; provide technical and managerial expertise for the administration of security tools.
- Work with the enterprise architecture team to ensure that there is a convergence of business, technical and security requirements; liaise with IT management to align existing technical installed base and skills with future architectural requirements.
- Manage and coordinate operational components of incident management, including detection (monitoring), response and reporting.
- Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans and communicate information about residual risk.
- Manage security projects and provide expert guidance on security matters for other IT projects.
- Conduct assessments to evidence the effectiveness of IT security controls that are implemented on/in processes, procedures, software and hardware.
- Report periodically on the state of IT security to the CIO, CTO and LISO (who reports into the GISO). Collect metrics for IT security components on various dashboards.
- Oversight of and reporting on the use of Highly Priviledge Accounts (HPAs).
- Initiates and monitors periodical user access reviews for the IT owned systems.
Knowledge and experience
- Knowledge of information management at a bachelors / masters level or equivalent work experience
- Information security management qualifications such as CISSP
- Knowledge of industry wide IT standards (ITIL/COBIT)
- Knowledge of IT Security baselines ISO/IEC 27000 or higher
- Good understanding of standard hard and software solutions (linux, windows, vmware, x86 servers, firewalls, routers, switches etc.)
- Knowledge of the systems and IT processes of the AAC Region.
- Hands on experience with selecting, implementing and operating various security tools (SIEM, IAM, DLP, etc.)
- >5 years of IT experience, >2 years of experience in an information security role