Disclaimer: open to employees only
Do you believe finance can be something more meaningful than just a bunch of greedy wolves fooling around with others' money until a crisis happens? Would you like to build a world where everyone can access a user-friendly tool to grow their money fairly and according to their needs? Do you have what it takes for that? Great, because Gambit is currently recruiting! Gambit is at a turning point in its technological development, and is investing in its product, both from a technical and a functional point of view. We have the ambition to become a European market leader in investment advisory technology, by operating a Software as a Service for financial institutions in the cloud.
General
The role of the Information Security Manager is to implement and develop Gambit's information security strategy to safeguard the organization from potential threats (i.e., cybersecurity threats) and ensure compliance with relevant regulations.
The Information Security Manager reports hierarchically directly to the COO.
Role Description and Key Responsibilities
The role-holder will:
Establish and enforce cybersecurity policies, standards, and procedures to mitigate risks and ensure compliance with relevant laws and regulations.
Identify, assess, and prioritize cybersecurity risks, and develop strategies to manage and mitigate these risks effectively.
Develop and oversee an incident response plan, coordinating responses to security incidents, and conducting post-incident analysis to improve resilience.
Implement ongoing security awareness training programs to educate employees about the latest cybersecurity threats and best practices.
Implement and manage a vulnerability management program to identify, assess, and remediate potential security vulnerabilities in software and systems.
Conduct regular security audits and assessments to ensure compliance with security policies and identify areas for improvement.
Assess and manage cybersecurity risks associated with third-party vendors and partners.
Implement and manage security monitoring tools to detect and respond to security incidents in real-time in coordination with the Group CSIRT.
Coordinate action in the event of cybersecurity incidents and crises, ensuring that Gambit's essential services are restored.
Apply the BNPP group's cybersecurity reference framework (policies, requirements, indicators, and control plans) and integrate entity-specific business lines' needs and regulatory requirements into that framework.
Provide cybersecurity expertise and support to Gambit's IT teams and IT production.
Carry out internal controls on IT production and suppliers to ensure that security measures are correctly implemented and applied, and that the entity's customer data and its sensitive IT assets are protected.
Work closely with the IT department and the CIO to integrate security practices into the development lifecycle and promote a culture of secure coding.
Work with the entity's procurement and legal departments to ensure that information security obligations are included in agreements with third parties.
Ensure that security aspects are integrated into Gambit's project management process by introducing appropriate information security policies and practices.
Required Knowledge, Skills & Abilities
Education & Experience
Bachelor's or master's degree in computer science, cybersecurity, software engineering, or a related field. MBA or equivalent business experience is a plus.
Proven experience as an Information Security Manager in a senior information security leadership role within the IT sector.
In-depth understanding of cybersecurity technologies, protocols, and best practices. Industry certifications such as CISSP, CISM, or equivalent are highly desirable.
Strong understanding of cybersecurity laws, regulations, and best practices.
Strong knowledge of software development processes and methodologies.
Knowledge and understanding of financial markets, regulations, and industry-specific technology trends is a plus.
Education & Experience
- Bachelor's or master's degree in computer science, cybersecurity, software engineering, or a related field. MBA or equivalent business experience is a plus.
- Proven experience as an Information Security Manager or CISO in a senior information security leadership role within the IT sector.