Senior Information Risk Manager

Luxembourg, LU, L-2955

Purpose of the Job


Quintet Private Bank is a leading private bank in the wealth management sector; we are committed to our clients and their families, and pride ourselves on our personalised service based on a deep understanding of what clients want to achieve. Compared to others, we are small (<2,000 employees across 50 European and UK locations) with an ambition to stay true to our purpose to be the most trusted fiduciary of family wealth.  

When you join Quintet you are joining a company that values diversity of background, equal access to opportunities, career development, collaboration and inclusiveness. We want our employees to feel proud of being part of a company that is committed to doing the right thing. You will have the opportunity to grow your career while developing personally and professionally through various resources and programmes.


The successful candidate will work as part of the Group CISO unit, which sits within the CRO Function. The Senior Information Risk Manager is in charge of supporting the IT Risk framework in the Organization. She/he acts as a trusted advisor on topics related to IT Risk Analysis and drives, controls and monitors the proper execution of the IT RA program, supporting the Head of IT Risks. She/he is in charge of 2nd Line of Defense controls (check and challenge), leveraging the Quintet Group IT Risk Framework as approved by the BoD. She/he supports the Group CISO and the Head of IT Risks on the Strategic pillar “Deliver a Strong Risk Management”, providing the Organization with a strong posture in IT Risk Management. She/he supports the CISO function on IT Risk reporting and acts as a “liaison” officer with the DPO, IT and Compliance. She/he supports the regulatory reporting of the Group CISO unit, performing continuous environmental and regulatory scanning of the Ecosystem.

Key Accountabilities


  • Support the Group Information Risk Control activities in the development/maintenance of information risk management frameworks/policies and in the control of implemented practices
  • Review and challenge information security risk assessments for projects and major changes, to identify possible misalignments/gaps with the Group information security risk appetite and policies
  • Regularly review compliance of the information security risk control framework with laws and regulations
  • Support the implementation and promotion throughout the Group of the information security risk appetite, information security policies and information asset classifications
  • Contribute to the reporting on information security risk status, direction proposals and exceptions
  • Deliver, jointly with the team, our yearly stock of IT Risk Analyses and keep the inventory up to date (requested on a regular basis by Internal Audit and Regulators)
  • Support IT Risk Management regulatory reporting (PSD2 Security, ECB requests, etc.)
  • Ensure the link between the Group CISO unit, Compliance, IT teams and the DPO
  • Perform IT risk-based check and challenge over 1st line assessments (RCSA, etc.)
  • Support preparation of the Group Information Risk and Security Committee and the related Temporary Risk Acceptance documents
  • Create/review/update/track IT Risk Management and group-wide Cybersecurity policies
  • Perform daily follow-up of ERI registered items and reported LER incidents


Knowledge and Experience


  • Knowledge of key IT risk frameworks (e.g. ISO 27005, EBIOS)
  • IT background is an advantage
  • IT risk reporting
  • Cybersecurity hygiene
  • IT risk and/or IT audit background
  • Big Four or Audit/Consulting firm experience is a plus
  • Minimum 5 years in a related role

Attributes and Qualities


  • Advisor profile
  • Ability to take a step back
  • Negotiation skills

Technical Skills


  • IT Risk Management and Cybersecurity Hygiene. IT risk or cybersecurity certifications (CISSP, etc.) are a plus

Language Skills


  • Fluent in English; French, German or Dutch is an advantage