Senior Control Assurance Advisor




IT Audit & Compliance

Project description:

To face the ever evolving threats we are expanding our Group Security & Business Resilience Division.

As a global critical financial infrastructure, the protection of information and assets is fundamental to the company’s business. Security is at the core of our services, firmly embedded in the management systems and processes of the company. You will be joining our Group Security & Business Resilience (GSBR) team in charge of putting in place the required controls to adequately and effectively protect our information assets.

The recent spate of cyber-attacks on some of the world’s largest organisations has highlighted the requirement for a strong information and security function. Security threats are a Board-level agenda item as they have the capacity to disrupt the entire European post-trade process.


As a Control Assurance Advisor you will join the Security Assurance & Testing team, within which you will:

Perform security assurance on existing and new security controls
Evaluate compliance with different frameworks (Swift CSCF, FFIEC, NIS Directive, etc.)
Consider the impact of detected deviations using a risk based approach
Follow-up on new security related regulatory frameworks
Discuss with stakeholders (security experts, project managers, internal audit, etc.) the outcome of the assurance process
Proactively work with stakeholders on control expectations and evidencing

Technical skills:

You have :
An IT, Science, Civil engineering or Commercial engineering related degree (Bachelor, Master, PhD)
Security certifications such as CISSP, CISA, CISM, CGEIT, or CRISC are an asset
At least 8 years in IT, of which 5 years in a information security position
A first experience in security control assurance or audit

A good understanding of IT & Security processes within large and complex organisations
A strong general knowledge in all areas of information security (identity & access management, systems security, network security, vulnerability management, incident management, application security, business continuity, asset classification, etc.)

You are:
Independent and self-organising
At ease in a fast changing environment
Accurate, acting with attention to details
A good communicator, and able to defend your position when challenged
Flexible and pragmatic
A good team player
Fluent in English (both written and spoken)

Contact person:

Contact name: Yves De Vocht