Information Security Risk Manager, AVP

About ABN AMRO Clearing USA LLC

ABN AMRO Clearing USA LLC (AAC-USA) is a subsidiary of ABN AMRO Clearing Bank N.V., a global clearing firm that provides an integrated suite of financial services to professional trading participants in the global financial market. Our core service offerings consist of execution, clearing, financing, stock borrowing and lending, settlement and custody. Today we clear and finance over 16 million trades per day and cover 90 of the world’s leading exchanges across Europe, the Americas and Asia Pacific. Our international network provides comprehensive market access to exchange-listed instruments such as stocks, futures and options. It also covers non-exchange listed investment instruments and alternative products including bonds, OTC derivatives, warrants, forex, forwards, and energy and commodities. ABN AMRO Clearing consistently ranks among the top three clearers in every time zone, based on turnover and market share.

Job Overview

The Information Security Risk Manager will, in accordance with the Non-Financial Risk Policy & Framework, ensure the bank is resilient, in control and acts within the operational risk appetite, limiting losses while executing its business strategy under all circumstances. He/she will support a culture and framework of risk awareness to achieve a sustainable profitable growth, building and keeping the trust and confidence of all stakeholders (clients, regulators, shareholders).

Job Responsibilities

• Ensure successful implementation of the 2nd Line of Defense (LOD) Operational Risk Governance in accordance with ABN AMRO Clearing risk management policies and the 3 LOD model, with a specific focus on information security control framework
• Facilitate overview of information security key risks and controls, perform business reviews to assess level of internal control, and demonstrate that risks are managed within risk appetite, and advise management of the results and recommendations
• Assist with the implementation and monitoring of information security internal controls in accordance with the NIST framework
• Ensure successful implementation of information security risk management framework through deep dives, risk assessments (RA), management actions, and development and testing of formal internal controls
• Facilitate periodic assessments to gather reliable information on the confidentiality, integrity and availability (CIA) of information assets; provide 2nd LOD opinion on outcomes
• Provide the framework and facilitate the review and revision of Information Security policies and procedures, and provide management with independent recommendations for enhancements
• Perform independent analysis and root cause investigations of security incidents and events, including trend analyses
• Identify and communicate control framework enhancements by keeping up with industry trends and monitoring changes in information security processes, systems, etc.

The Information Security Risk Manager (ISRM) also assists the I&ORM team with the implementation of the overall internal control framework and assists other team members with:

• Ensure successful implementation of the 2nd Line of Defense (LOD) Operational Risk Governance in accordance with ABN AMRO Clearing risk management policies and the 3 LOD model
• Serve as 2nd line of defense Information Risk Management expert and point of contact for IT Business area
• Develop and implement the 2nd LoD Information & Operational Risk Governance for IT Business area
• Facilitate overview of the firms key risk and controls, perform business reviews to assess level of internal control, and demonstrate that risks are managed within risk appetite, and advise management of the results and recommendations
• Ensure successful implementation of operational risk management framework through deep dives, risk assessment (RA), management actions, and development and testing of formal internal controls
• Generate management reporting dashboards – KRIs, CFTC RER, global dashboards (ERM, Global I&ORM, etc) – providing independent challenge and validation of reported metrics and 2nd LOD opinion where appropriate
• Perform independent analysis and root cause investigations of operational incidents and trading errors, including trend analyses
• Assist with implementation of internal control framework for operational risk, information security, and business continuity

Job Requirements

• Minimum of a Bachelors Degree in Information Technology, Accounting, Finance or business related field, Masters Degree preferred
• Certified in Risk & Information Systems Control (CRISC), Certified Information Security Manager (CISM), or Certified Information Systems Security Professional (CISSP)
• 5 - 8+ years of experience in Information Security, or financial or related industry
• Comprehensive knowledge of industry-wide IT standards such as NIST, ITIL, COBIT, etc.
• Knowledge of information security best practices, including cybersecurity and cloud practices with a focus in the financial industry
• Strong knowledge of information security management and of IT systems, processes and regulations
• Knowledge of Operational Risk Management, external regulations and auditing
• Knowledge of applicable US and international regulations and frameworks (e.g. SEC, FINRA, CFTC, NFA, MiFID, Basel II/III, Dodd-Frank, etc)
• Comprehensive understanding of clearing processes, key risks, and internal controls
• Excellent communication, time management and organizational skills

Perks and Benefits

As a global leader in financial services, we rely on the strengths of our employees to deliver their best work for our clients. We invest back in our employees by offering a host of benefits and perks.

• Competitive health benefit offerings, including choice of three medical plans through BCBS-IL, dental, vision and flexible spending accounts
• Complimentary annual membership to One Medical as well as an EAP
• Robust 401(k) Plan with a generous match and vesting schedule
• Use it or lose it pre-tax commuter benefits, corporate Divvy memberships and employer paid benefits such as term life and AD&D and disability insurance
• Generous paid time off, sick days, a robust holiday schedule and parental leave plans.
• Monthly wellness subsidy used towards wellness activities
• Flexible hybrid work schedules
• Open communication including regular Town Hall meetings with the Management Team
• Forward-thinking, culture-based organization with collaborative teams that promote diversity, equity and inclusion
• Free coffee & tea and “bagel Wednesday”
• Employee-led Social and Philanthropy Committee to bring awareness and fun to the employees
• Awesome office space with a large kitchen/meeting gathering area – including a foosball and ping pong table
• Private, well-equipped Mother’s room
• Office is conveniently located in the Chicago Loop Financial District – close to CTA and Metra
• Well maintained building (an architectural “masterpiece”) and a part of Chicago history – also includes a robust business center with a café, game-room and a shared rooftop terrace with green space

This information is intended as a summary of potential benefits only. Eligibility for the plans and programs listed here depends on the nature of employment, length of service and other factors. Actual coverage is governed by supporting summary plan descriptions and related policies.

ABN AMRO Clearing USA (AAC-USA) is proud to be an equal opportunity employer. AAC-USA celebrates diversity and does not discriminate on the basis of actual or perceived race, creed, color, religion, alienage or national origin, ancestry, citizenship status, age, disability or handicap, sex, marital status, veteran status, sexual orientation, status as a victim of domestic violence, sex offenses or stalking, genetic predisposition or carrier status, gender identity or expression, or any other characteristic protected by applicable federal, state or local laws. We cultivate a culture of inclusion for all employees that respects individual strengths, views and experiences. We believe that our differences enable us to be a better and stronger team – one that makes better decisions and delivers better business results. Additionally, AAC-USA participates in the E-Verify program in the US.