Reports to the Head of Infrastructure and Information Security
The purpose of this position is to provide jurisdictional management and support to the Aztec Information Security function to mitigate the Group’s information security risks through the information security management system and related ISO control framework as well as act as the Cloud Officer to provide oversight management of the cloud services and IT outsourcing in use across the Group.
Key responsibilities:
- Provide jurisdictional leadership of the information security function in Luxembourg, working with the Head of Infrastructure and Information Security to develop and enhance the Group security posture.
- Responsible for establishing security requirements, security designs and implementing solutions to protect the group information assets.
- Working closely with senior administration, IT infrastructure/applications teams, risk and compliance and end users to define objectives for information security
- Implementation, operation and maintenance of the information security management system based on the ISO/IEC 27000 series, including certification where applicable
- Performs information security risk assessments and assesses the control environment of the business processes and application under review, including both manual and automated processes in accordance with the information security program
- Keep abreast of security incidents and act as primary control point during information security incidents. Take a leading role in the Security Incident Response Team (SIRT) as needed, or requested, in addressing and investigating security incidents that may arise
- Assists both internal and external audits relating to information security as well as performing independent audits to validate completeness and accuracy of the information security program
- Management and oversight of the Microsoft Cloud platforms including monitoring and assessment of the tools configurations to ensure compliance with Aztec standards and industry best practice
- Coordinate and track all information technology and security related audits including scope of audits, timelines, auditing providers and outcomes. Provide guidance, evaluation and feedback on audit responses as required
- Develops remediation and corrective action plans with related governance and operational functions (such as risk management, information technology, human resources, legal and compliance) plus senior and middle managers through the Group as necessary.
- Provide security updates to clients in the form of presentations and reports
- Manage and maintain the Cloud Register
- Assist with the development and operation of related security monitoring and improvement activities to ensure compliance both with internal security policies and applicable laws and regulations
- Provide technical and security oversight management of the Cloud services and IT outsourcing arrangements across the Group
- Provide insight and oversight of projects implementing cloud services in Luxembourg to ensue compliance with the local regulations
- Maintain a clear picture of physical location of data assets in the cloud alongside evaluation, design and implementation of stringent cloud security and governance measures
- Build a strong collaborative relationship with business users and stakeholders to gain a deep understanding of the local business needs that are supported by IT outsourcing and cloud services
- Work with the IT Teams across the Group to ensure all systems utilised in Luxembourg adhere to local regulations
- Ensure appropriate preventative and detective controls are in place to meet local regulatory requirements.
Skills, knowledge, expertise:
- Relevant degree in IT (Bachelor or Master degree)
- At least 5 years’ experience in information security and / or related function
- Information Security qualification such as Certified Information Security Professional (CISSP)
- Up to date working knowledge and professional experience of information security issues and regulatory requirements affecting all locations in which the Group operates
- Strong analytical skills
- Good understanding of Microsoft Cloud Services including Azure and M365 as well as the Microsoft Cyber Security Framework.
- Excellent understanding of security threats and the methods, tools and techniques used for mitigating those threats
- Previous practical Cloud services experience within a financial services business
- An appreciation and understanding of the local Luxembourg cloud regulations, as defined by the CSSF, an appreciation of other jurisdictional requirements an added advantage
- A broad technical understanding of cloud services covering a wide range of applications and technologies
- Good understanding of technical operational principles when aligned to cloud services
- Strong internal and external communication and interpersonal skills, together with the ability to develop good working relationships within the business, the IT team and with other service providers
- A positive and proactive Cloud Support and Digital Transformation approach
- Proven ability to quickly learn new information, processes and procedures
- Proven ability to meet deadlines and identify and deal with problems
- Travel to other jurisdictional offices will be required
You will need to be quick to learn new systems and great with people, as close working relationships between our colleagues and clients is at the heart of what we do.
We will provide the training, both in house for relevant technical knowledge and also professional qualifications to enhance your professional development. You will need to be quick to learn new systems and great with people, as close working relationships between our colleagues and clients is at the heart of what we do.
*****
“For all accepted offers of employment with Aztec Financial Services (Luxembourg) S.A, candidates will be required to complete pre-screening requirements, including providing a criminal record certificate (extrait de casier judiciaire).”
*******