Information Security Risk Manager
ABN AMRO Clearing Chicago LLC
2021-12-03 07:34:16
Chicago, Illinois, United States
Job type: full-time
Job industry: Banking & Financial Services
Job description
ABN AMRO Clearing
ABN AMRO Clearing Chicago (AACC) is a subsidiary of ABN AMRO Clearing Bank N.V. We are a global clearing firm that provides an integrated suite of financial services to professional trading participants in the global financial market. The core service offering consists of execution, clearing, financing, stock borrowing and lending, settlement and custody. Today we clear and finance over 16 million trades per day and cover 90 of the world's leading exchanges across Europe, the Americas, and Asia Pacific. Our international network provides comprehensive market access to exchange-listed instruments such as stocks, futures and options. It also covers non-exchange listed investment instruments and alternative products including bonds, OTC derivatives, warrants, forex, forwards, and energy and commodities. ABN AMRO Clearing consistently ranks among the top 3 clearers in every time zone, based on turnover and market share.
AACC Risk Management
AACC's mission is to provide safe and efficient access to capital markets around the world. The AACC Risk Management department ensures that market surveillance is performed and that all market, credit, operational and enterprise risks of AACC are managed in line with the regulations and risk appetite. The department creates a culture and framework of risk awareness to achieve sustainable, profitable growth, building and keeping the trust and confidence of all stakeholders (clients, regulators, shareholders).
Information Security Risk Manager:
- Ensure successful implementation of the 2nd Line of Defense (LOD) Operational Risk Governance in accordance with ABN AMRO Clearing risk management policies and the 3 LOD model, with a specific focus on the information security control framework
- Facilitate overview of information security key risks and controls, perform business reviews to assess level of internal control, and demonstrate that risks are managed within risk appetite, and advise management of the results and recommendations
- Assist with the implementation and monitoring of information security internal controls in accordance with the NIST framework
- Ensure successful implementation of information security risk management framework through deep dives, risk control self-assessment (RCSA), management actions, and development and testing of formal internal controls
- Facilitate periodic assessments to gather reliable information on the confidentiality, integrity and availability (CIA) of information assets; provide 2nd LOD opinion on outcomes
- Provide the framework and facilitate the review and revision of Information Security policies and procedures, and provide management with independent recommendations for enhancements
- Perform independent analysis and root cause investigations of security incidents and events, including trend analyses
- Identify and communicate control framework enhancements by keeping up with industry trends and monitoring changes in information security processes, systems, etc.
IT & Operational Risk Management (I&ORM) Analyst:
The Information Security Risk Manager (ISRM) also assists the I&ORM team with the implementation of the overall internal control framework and supports other team members in the following responsibilities:
- Ensure successful implementation of the 2nd Line of Defense (LOD) Operational Risk Governance in accordance with ABN AMRO Clearing risk management policies and the 3 LOD model
- Facilitate overview of the firm's key risks and controls, perform business reviews to assess level of internal control, and demonstrate that risks are managed within risk appetite, and advise management of the results and recommendations
- Ensure successful implementation of operational risk management framework through deep dives, risk control self-assessment (RCSA), management actions, and development and testing of formal internal controls
- Generate management reporting dashboards - KRIs, CFTC RER, global dashboards (ERM, Global I&ORM, etc.) - providing independent challenge and validation of reported metrics and 2nd LOD opinion where appropriate
- Perform independent analysis and root cause investigations of operational incidents and trading errors, including trend analyses
- Assist with implementation of internal control framework for operational risk, information security, and business continuity
Requirements
- 5+ years of experience in Information Security, or in the financial or a related industry
- Comprehensive knowledge of industry-wide IT standards such as NIST, ITIL, COBIT, etc.
- Knowledge of information security best practices, including cybersecurity with a focus on the financial industry
- Strong knowledge of information security management and of IT systems, processes and regulations
- Knowledge of Operational Risk Management, external regulations and auditing
- Knowledge of Bayesian statistics and applications preferred, but not desired
- Experience working with large data sets
- Knowledge of applicable US and international regulations and frameworks (e.g. SEC, FINRA, CFTC, NFA, MiFID, Basel II/III, Dodd-Frank, etc.)
- Comprehensive understanding of clearing processes, key risks, and internal controls
- Excellent communication, time management and organizational skills
- Minimum of a Bachelor's Degree in Information Technology, Accounting, Finance or a business-related field