Information security manager- frankfurt (Frankfurt)

AVP Information Security Manager for Frankfurt Corporate title: AVP
Company Jefferies, a global investment bank and securities firm,
has served companies and their investors for nearly 50 years.
Headquartered in New York City, with offices in more than 25 cities
around the world, Jefferies provides clients with capital markets
and financial advisory services, institutional brokerage,
securities research and asset management. The firm is a leading
provider of trade execution in equity, high yield, convertible and
international securities for institutional investors and high net
worth individuals. Team At Jefferies, information is an integral
part of our activities. Global Information Security (GIS) group,
part of the IT organization, has a mission to deliver products and
services to protect all of Jefferies IT resources. Role We are
looking for an individual who co-reports to the Head of
International Information Security locally and globally to the Head
of Technology Risk. This Technology Risk (IT Risk) role is
primarily responsible with leading our day-to-day Global
Information Security (GIS) group efforts that includes, but is not
limited to, conducting risk assessments, conducting regular testing
and inspection of our security control environment, evaluating
strengths & weakness within existing controls, providing
education regarding cyber security issues to employees, inspecting
and evaluating vendor controls to ensure 3 parties are properly
safeguarding our confidential information, addressing audit
findings, and collaborating with our Information Technology (IT)
counterparts to ensure enhancements are implemented in a timely and
effective manner. Key Responsibilities The key responsibilities
are: Maintain security policies, standards, and guidelines to
ensure each remains up-to-date. Ensure dissemination of security
policies and practices is timely and comprehensive for
internal/external clients Work directly with business units to
facilitate IT risk assessment and risk management processes, and
work with internal stakeholders on identifying acceptable levels of
residual risk. Enhance our existing information security management
framework based on National Institute of Standards and Technology
(NIST). Enhance and facilitate information security awareness
education programs for all employees, contractors and approved
system users. Provides IT risk guidance for projects, including the
evaluation and recommendation of technical controls. Ensure that
security programs are in compliance with relevant laws, regulations
and policies to minimize or eliminate risk and audit findings.
Assist with managing the organization’s Vendor Management program
which may include conducting reviews of vendor due diligence
materials, conducting vendor site inspections & evaluations,
and assess risks presented by third party relationships. Liaison
among the information security team and corporate compliance,
audit, legal and HR management teams as required. Assist with the
organization current data security and incident monitoring
activities and respond to control issues or end-user failures,
where necessary. Act as an Operational Risk Representative for
Technology logging Technology incidents, generating reports and
presenting to various committees and Senior Management Support
other IT Risk Management oriented activities as required. Provide
Line management to Security Operations Analyst and Security
Administrator Analyst. Qualifications Person Specification The
following skills and experience are required for this role: At 3
years of experience in the field of Information Security Working
experience in Security Assessment and/or Audit CISSP, CISA, CISM,
or equivalent certification is a plus Solid IT background (IT
degree holder preferred) Ability to explain technical risks in a
business context Highly self-motivated and capable to work under
pressure Desired Characteristics Experience with ISO, COBIT, FFEIC,
RISK IT, NIST; Demonstrated analytical and problem-solving skills.
Excellent communications and interpersonal skills. Ability to
effectively interact with a diverse group of IT Staff located in
multiple sites, including proven effectiveness working with global
teams.