Chief Information Security Officer

Quintet Luxembourg, Luxembourg, LUX, L-2955

Purpose of the Job

 

Quintet Private Bank is a leading private bank in the wealth management sector; we are committed to our clients and their families, and pride ourselves on our personalized service based on a deep understanding of our clients’ requirements. We are small enough to be agile and responsive to client needs, but large enough (around 2,000 employees across 50 European and UK locations) to provide global access banking services. Our purpose is to be the most trusted fiduciary of family wealth.
The Chief Information Security Officer is responsible for the development and maintenance of the Group Information Security Strategy and the cyber, IT and information security risk framework at group level. The CISO monitors the implementation and status of the information security risk measures through key risk indicators, assessing the internal and external threat landscape and risks to the bank. Reporting to the Group Chief Risk Officer, and as a member of the Group Risk senior leadership team, the CISO supports and contributes to the definition of the Risk strategy and appetite, works closely with IT and other colleagues in the group, represents information security risk to the highest level of internal and external stakeholders (for example, Boards and regulators), and leads a team of security experts/officers to fulfil the cyber and information security risk, and IT risk management requirements of the Quintet Group.

Key Accountabilities

 

  • Establishes and maintains governance and oversight.
  • Maintains the Cybersecurity Framework and the IT Risks Framework.
  • Sets and operates IT Risks Management and the set of Group policies.
  • Acts as a 2nd Line of Defense (LoD) with a strong connection to the 1st LoD.
  • Manages the crisis in the event of a cyber-attack.
  • Reports to senior management and the Board regularly, at least quarterly, and on an ad hoc basis on the status of cyber resilience issues. This status report includes, for example, an evaluation of the cyber resilience situation compared with the last report, information about cyber resilience projects, key risk indicators, the threat landscape, cyber incidents and the results of penetration and red team tests.
  • Manages a team of security and IT risk experts/officers. Oversees their work on projects, provides leadership and guidance and is accountable for reviewing high-level deliverables across projects involving IT, Risks and other business lines of the Group.
  • Organizes regular monitoring of audit recommendations related to information security across the group and provides guidance on action plans proposed to the Audit department.
  • Collaborates with staff to prepare and review IT risk analyses, drives the risk analysis process, and increases awareness within business lines.
  • Participates in projects relevant to cyber resilience (e.g. monitoring security testing for new components before entering production).
  • Ensures cross-entity and cross-project consistency.
  • Ensures awareness across the group on information security through regular exercises such as phishing campaigns and cyberattack simulations, including external parties when applicable.
  • Owns the Security Assurance and Monitoring Programs, including scope definition, steering committees’ organization, resolution of identified vulnerabilities and issues of ISAE 3000.
  • Reviews and challenges outsourcing partners regarding implementation of security measures and ensures 3rd Party Cybersecurity Oversight.
  • Investigates cyber incidents and reports them to senior management and the Board.

Knowledge and Experience

 

  • 10 to 15 years of experience
  • Bac + 5 or equivalent in Information Technology, Business, Finance, Risk.
  • Sound knowledge of banking business.
  • Sound knowledge of DORA, EBA guidelines & CSSF circulars.
  • Sound knowledge of IT security standards, industry best practices and methodologies.
  • Experience in IT risk assessment / analysis process.
  • Experience in 3rd Party Cybersecurity oversight.

Attributes and Qualities

 

 

  • Program and Project management skills
  • Strong interpersonal skills
  • Budget/P&L Management
  • Ability to manage multiple projects with competing demands for limited resources.
  • Ability to lead a team of 10 to 15 people

Technical Skills

 

  • Proficient use of MS Office.
  • Good understanding of the IT security solutions market.
  • Previous management experience at a Systems Integrator is a plus.
     

Language Skills

 

  • English and French. An additional language is a plus.
     