Are you a seasoned cyber-security governance, risk and compliance professional? Are you the go-to cyber-security expert in your business?
If so, then join our cyber-security team as the first Business Information Security Officer in the Luxembourg office, where you will work to enable the business to achieve their goals securely, working independently and collaboratively within a global organization to deliver results.
The Business Information Security Officer (BISO) acts as a trusted advisor to the Senior Management of the Luxembourg Macquarie entities. You will serve as a point of contact for the local regulator (CSSF), and for internal customers, in particular risk, compliance, legal, privacy, internal and external audit teams. Reporting to the EMEA Regional CISO, you will be based in the Luxembourg office, and you will have the unique opportunity to work as part of a global team to contribute and make a positive impact on the cybersecurity compliance and governance activities of the Group, in addition to your local responsibilities.
Your Impact & Contribution:
In this role you will participate in compliance and process improvement initiatives that will increase the capabilities of the global Cyber-security team and the organization’s resilience to cyber threats, in Luxembourg and the EMEA region.
Applying your analytical mindset, you will assess the implications of regulatory obligations and identify opportunities for the continued evolution and compliance of Macquarie’s cyber standards and controls.
You will develop shared collateral for communicating cyber-related issues to regulators, business, compliance, risk, and technology teams. As such, your communications skills and attention to detail will be of paramount importance.
In this role you will:
- Understand the security risks to which the business is exposed, define remediation actions, including controls, and monitor the implementation of actions and the effectiveness of controls.
- Utilise your analytical excellence and exceptional attention to detail to develop management information (KRIs/KPIs) and deliver periodic cyber-security reports to internal leadership, risk committees and local boards.
- Identify gaps between the cyber-security standards and the regulatory obligations of the EMEA region, including all relevant CSSF circulars (including but not limited to 12/552, 17/654, 17/656, 17/657, 20/758, 19/714) and EBA guidelines (EBA/GL/2019/02), and recommend remediation actions.
- Utilise your ability to collaborate as you engage with internal stakeholders and colleagues to ensure that cyber regulatory requirements are understood and met.
- Participate in responding to management, client and regulatory information requests on cyber-security risks and controls.
- Assist with assurance activities, audit planning and coordination, including regulatory examinations and certifications impacting the EMEA region.
- Provide cyber-security expertise to legal and commercial teams during contractual and other commercial activities.
What the ideal candidate should know/have experience with:
- The ideal candidate will have demonstrable experience in cyber security roles in a regulated industry (financial services an advantage) combined with experience in an audit or operational risk role
- Strong knowledge of the common information security frameworks (e.g. NIST CSF, NIST 800-53, ISO27001, CIS) is essential, as is a good understanding of non-financial risk management practices and of EU/UK privacy legislation (GDPR)
- Excellent communication and presentation skills with the ability to articulate cyber-security issues to non-technical stakeholders
- Self-starter, able to effectively partner with the business and work collaboratively with colleagues in multiple offices around the globe
- A mindset that is focused on championing an inclusive and diverse culture, understanding the importance of continuous improvement, and maintaining a commercial perspective.
It would be beneficial but not essential if you had:
- A Bachelor’s degree in Information Technology, Cyber Security or a related area, complemented by industry qualifications (e.g. CISA, CRISC, CISM, CCSP, CISSP, SSCP, CIPP/E) or relevant postgraduate degrees, will be advantageous.
- A second language such as French or German.
If this sounds like you, and you are ready to take the next step in your career, please apply online now.
About the Corporate Operations Group
The Corporate Operations Group brings together specialist support services in Digital Transformation & Data, Technology, Operations, Human Resources, Business Services, Business Improvement & Strategy, and the Macquarie Group Foundation. We deliver service excellence to ensure Macquarie is open for business, deliver on transformational change, invest in our people and have deep relationships with our customers.
Our commitment to Diversity, Equity and Inclusion
The diversity of our people is one of our greatest strengths. An inclusive and equitable workplace enables us to embrace that diversity to deliver more innovative and sustainable solutions for our people, clients, shareholders and communities. At Macquarie, you'll be encouraged to be yourself and supported to perform at your best. If you're inspired to deliver on our purpose of ‘empowering people to innovate and invest for a better future’, we want you on our team. If you need adjustments made to the recruitment process, please reach out to your recruiter.
As an inclusive employer, Macquarie does not discriminate on the grounds of age, disability, sex, sexual orientation, gender identity or expression, marriage, civil partnership, pregnancy, maternity, race (including colour and ethnic or national origins), religion or belief.
Joining Macquarie means you’ll be able to work in a way that suits you best. With the right technology, support and resources, our people can work in a range of flexible ways. Talk to us about what working arrangements would help you thrive.