Information Security Manager- Frankfurt Information Security Manager- Frankfurt …

Jefferies
in Frankfurt am Main, Hessen, Germany
Permanent, Full time
Be the first to apply
Competitive
Jefferies
in Frankfurt am Main, Hessen, Germany
Permanent, Full time
Be the first to apply
Competitive
At Jefferies, information is an integral part of our activities. Global Information Security (GIS) group, part of the IT organization, has a mission to deliver products and services to protect all of Jefferies IT resources.

AVP - Information Security Manager for Frankfurt

Corporate title: AVP

Company

Jefferies, a global investment bank and securities firm, has served companies and their investors for nearly 50 years.  Headquartered in New York City, with offices in more than 25 cities around the world, Jefferies provides clients with capital markets and financial advisory services, institutional brokerage, securities research and asset management.  The firm is a leading provider of trade execution in equity, high yield, convertible and international securities for institutional investors and high net worth individuals. 

 

Team

At Jefferies, information is an integral part of our activities. Global Information Security (GIS) group, part of the IT organization, has a mission to deliver products and services to protect all of Jefferies IT resources. 

 

Role

We are looking for an individual who co-reports to the Head of International Information Security locally and globally to the Head of Technology Risk. This Technology Risk (IT Risk) role is primarily responsible with leading our day-to-day Global Information Security (GIS) group efforts that includes, but is not limited to, conducting risk assessments, conducting regular testing and inspection of our security control environment, evaluating strengths & weakness within existing controls, providing education regarding cyber security issues to employees, inspecting and evaluating vendor controls to ensure 3 parties are properly safeguarding our confidential information, addressing audit findings, and collaborating with our Information Technology (IT) counterparts to ensure enhancements are implemented in a timely and effective manner.

 

Key Responsibilities

 

The key responsibilities are:

 

  • Maintain security policies, standards, and guidelines to ensure each remains up-to-date. Ensure dissemination of security policies and practices is timely and comprehensive for internal/external clients
  • Work directly with business units to facilitate IT risk assessment and risk management processes, and work with internal stakeholders on identifying acceptable levels of residual risk. Enhance our existing information security management framework based on National Institute of Standards and Technology (NIST).
  • Enhance and facilitate information security awareness education programs for all employees, contractors and approved system users.
  • Provides IT risk guidance for projects, including the evaluation and recommendation of technical controls.
  • Ensure that security programs are in compliance with relevant laws, regulations and policies to minimize or eliminate risk and audit findings.
  • Assist with managing the organization’s Vendor Management program which may include conducting reviews of vendor due diligence materials, conducting vendor site inspections & evaluations, and assess risks presented by third party relationships.
  • Liaison among the information security team and corporate compliance, audit, legal and HR management teams as required.
  • Assist with the organization current data security and incident monitoring activities and respond to control issues or end-user failures, where necessary.
  • Act as an Operational Risk Representative for Technology logging Technology incidents, generating reports and presenting to various committees and Senior Management
  • Support other IT Risk Management oriented activities as required.
  • Provide Line management to Security Operations Analyst and Security Administrator Analyst.

 

Qualifications

 

Person Specification

The following skills and experience are required for this role:

  • At 3 years of experience in the field of Information Security
  • Working experience in Security Assessment and/or Audit
  • CISSP, CISA, CISM, or equivalent certification is a plus
  • Solid IT background (IT degree holder preferred)
  • Ability to explain technical risks in a business context
  • Highly self-motivated and capable to work under pressure

Desired Characteristics

  • Experience with ISO, COBIT, FFEIC, RISK IT, NIST;
  • Demonstrated analytical and problem-solving skills.
  • Excellent communications and interpersonal skills.
  • Ability to effectively interact with a diverse group of IT Staff located in multiple sites, including proven effectiveness working with global teams.
Close
Loading...