Join arenaflex, a leading global financial services company, in a dynamic and challenging role as an Information Security Manager within the Global Risk and Compliance (GRC) team. This is an exceptional opportunity to work with a talented team of professionals who are responsible for building and implementing the company's information security program and providing independent risk oversight to the organization.
**About arenaflex**
arenaflex is a global leader in the financial services industry, providing innovative payment and travel solutions to individuals and businesses worldwide. With a rich history of innovation and a commitment to excellence, arenaflex has established itself as a trusted brand, known for its reliability, security, and customer-centric approach.
**The Role**
As an Information Security Manager, you will be part of the second line of defense in the GRC team, reporting directly to the Chief Risk Officer (CRO). This is a critical role that requires a strong understanding of information security risks and the ability to identify, assess, and mitigate potential threats to the organization. You will work closely with key stakeholders across lines of business and lines of defense to ensure that risks are managed effectively and in accordance with company policies and regulatory requirements.
**Key Responsibilities**
* Conduct independent, proactive risk management and oversight of information security, network security, and business continuity management risks across the organization.
* Perform data-driven audits focused on information security processes, network security controls, and business continuity management practices.
* Lead exploratory data analysis on large datasets using SQL, Python, and Excel to develop insights on network security and information-related data.
* Create and maintain data-driven key risk indicators (KRIs) and key performance indicators (KPIs) that provide real-time visibility into risk and performance trends.
* Stay up-to-date with relevant regulations, standards, and industry best practices.
* Support the development of an independent information security risk oversight program that defines the scope and integration with other risk management programs, including IT risk self-assessments, business continuity management, new product approvals, mergers and acquisitions, etc.
* Collaborate with cross-functional teams to identify and mitigate information security risks, and ensure that risks are managed effectively and in accordance with company policies and regulatory requirements.
**Essential Qualifications**
* Bachelor's degree in a relevant field, such as computer science, information systems, or a related field.
* 5+ years of experience in risk management across any of the three lines of defense.
* Proven ability to identify risks, analyze issues, and determine significant insights about risk patterns through conducting interviews and analyzing large volumes of data.
* Strong knowledge of frameworks, cloud security, digital intelligence, and digital incident response.
* Excellent analytical and problem-solving skills with high attention to detail and accuracy.
* Strong knowledge of at least one of the data mining/large data analytics tools (e.g., Microsoft Excel: PowerPivot, SQL, SAS, Python, R).
* Strong decision-making and critical thinking skills.
* Ability to work independently with minimal supervision.
* Excellent verbal, written, and interpersonal skills.
* Ability to challenge conventional thinking by effectively engaging in constructive dialogue.
**Preferred Qualifications**
* Educational background: Software engineering or Data Systems.
* Experience in risk management across network security, data security, third-party, business continuity management.
* Industry certifications (e.g., CISM, CISA, CRISC, CISSP).
* Cloud security certifications (e.g., CCSK, CompTIA Cloud, CCSP, Purple Security, etc.).
* Understanding of risk assessment methodologies, frameworks, and industry standards (e.g., COSO, COBIT, ISO 27001, FAIR or NIST RMF).
* Knowledge of significant regulations and guidelines (e.g., OCC Enhanced Principles, FFIEC IT booklets).
* Experience with Governance, Risk, and Compliance (GRC) tools (e.g., Bowler).
**What We Offer**
* Competitive salary and benefits package.
* Opportunity to work with a talented team of professionals in a dynamic and challenging environment.
* Professional development and growth opportunities.
* Collaborative and inclusive work environment.
* Recognition and rewards for outstanding performance.
**How to Apply**
If you are a motivated and experienced professional with a passion for information security and risk management, we encourage you to apply for this exciting opportunity. Please submit your resume and a cover letter outlining your qualifications and experience.