You are a crucial leader at CloudMargin, responsible for helping to establish and maintain CloudMargin’s risk management program against internationally recognised standards and help manage the communication process with clients.
You will be responsible for identifying and evaluating on information security risks to ensure CloudMargin’s data and information security processes are in line with industry best practice.
You will demonstrate an ability to work independently and in an organised manner. A pragmatist with the natural ability to balance security V business priorities. You will communicate very effectively and manage your workload independently. You will demonstrate strong technical ability and experience, as well as diplomacy and the ability to work calmly under pressure.
CloudMargin is an award winning, fast growing, ‘FinTech’ company offering an innovative Software-as-a-Service (SaaS) solution. Through our disruptive technology, our community of users benefit from our affordable, easy to deploy and scalable service. Our vision is to become the dominant provider of collateral management solutions to ALL market participants, irrespective of their size or the instruments they trade.
Backed by influential VC and corporate investors, our global team of nearly 100 work closely across product, technology and sales disciplines. Our flat structure and ethos of trust and communication means you’ll be engaged with many colleagues across the business and have the senior leadership team as one of your key stakeholders.
- Plan, executes and conduct ongoing risk assessment, self-assessment and reviews of various operations, including assessing risks, determining scope, executing test procedures, reporting results and making recommendations for improvement
- Acting as the lead for assessment of third-party risk
- Manage CloudMargin’s selection and pathway to a third-party information security certification (e.g. ISO27001)
- Own and coordinate responses to existing and prospective clients on regular and ad-hoc information security matters (RFP, RFI, annual security reviews)
- Evaluate compliance with legal, regulatory, operational and IT policies and procedures, and partners with stakeholders to develop sustainable remediation plans to compliance issues and control gaps, and actively drives issues and risks to closure.
- Work with others to help identify advanced security risks and exposures, determine the causes of security violations, designs and recommends solutions to prevent and mitigate future incidents. This will include identifying applications of functional knowledge and existing methodologies to highly complex problems.
- Follow up on deficiencies identified in monitoring reviews, self-assessments, automated assessments, and internal and external audits to ensure that appropriate remediation measures have been taken.
- Evolve the operational risk monitoring program to identify opportunities for enhancements and manages the risk exception process.
- Manage, market, and lead information security awareness training
- Lead special projects and provides various ad-hoc reporting or analysis as needed
- 7 -10 years of experience in developing Risk Management program strategies, operating models, policies, standards and reporting structures/metrics
- Excellent aptitude for modern IT Risk & Compliance concepts and methodologies in a SaaS environment
- Strong ability to identify and assesses the severity and potential impact of risks and communicate risk assessment findings to the business in a way that consistently drives objective, fact-based decisions about risk that optimize the trade-off between risk mitigation and business performance
- Excellent knowledge of IT policies, laws, standards and frameworks applicable to the specific technical role e.g. ISO27001, ISO27017 and SOC.
- Working knowledge of IT risk, security architecture design, network security, cloud security, data security and internal/external threat intelligence/analysis
- Very strong verbal and non-verbal communication skills; able to communicate/present technical security details to a wide range of audiences including internal and external client base
- Able to develop risk management processes and workflows and then train and coach users of those workflows
- Information Security and/or Internal audit experience in a cloud-based vendor/relevant sector or a Big 4 auditor preferred
- Ideally CISSP or CISM qualified
- Can communicate effectively (both oral and written) and develop solid working relationships across internal teams and with key client groups
- Excellent prioritization capabilities, with an aptitude for breaking down work into manageable parts, effectively assessing the priority and time required to complete each part
- Strong decision-making capabilities, with a proven ability to prioritise decisions in a commercial manner