Security Risk Analyst

Location: Sydney
Job Type: Full time
Reference: AUNZ03175
Job Overview/Purpose:
The Security Risk Manager role forms part of the Risk, Reporting and Security team in the COO Domain. The purpose of the role is to assist the Senior Manager, IT Risk and Security in ensuring the information security policies and procedures of the Asia Pacific region (Singapore, Hong Kong, China, Indonesia, India, Australia and New Zealand) are applied to all business information, systems and assets.
Key Responsibilities and Accountabilities:
• Security Risk Management 
o Provide guidance to all divisions and departments in relation to IT security.
o Review and rate existing and planned Security Controls.
o Record and track status of items on Security Risk Register.
o Provide updates to Security Risk Dashboards.
o Ensure all Risks are handled as per the requirements of the Bank’s Risk Management Framework.
o Develop, maintain and ensure compliance with security policies and procedures.

• Application and Infrastructure Security
o Scheduling, co-ordination & preparation of AIC Assessments on all application systems and IT infrastructure being used in Asia, Australia & New Zealand (SRMP).
o Co-ordination with IS&D and ITI for security risk mitigation / resolution action plans.
o Provide information on security Residual Risks.
o Communication of information security initiatives and requirements to Business Owners / Operation Units.
o Provide advice and assistance on security requirements on all new application system and infrastructure projects during the development and implementation phases.
o Co-ordination with Global Security on system activities for Archer, including system reviews, functionalities, testing and conversions.

• Vendor Assessments
o Scheduling, co-ordination & preparation of Vendor Assessments (VRMP) on all critical service providers.
o On-site assessments if required.
o Provide information on Residual Risks.

• Branch/Office Assessments
o Scheduling, co-ordination & preparation of Operational assessments (OSRMP) on all branches, offices, and data centres in use in Asia, Australia & New Zealand.
o On-site assessments if required.
o Co-ordination with stakeholders for risk mitigation / resolution.
o Provide information on Residual Risks.

• Other duties as directed

Core Competencies:
Customer Focus:
• Engaging the customer in dialogue; detecting and listing customers' wishes and needs;
• Responding and anticipating to this, putting customer interest first. 
• Thinking and acting from the customer's perspective. 
• Staying focused on creating added value for the customer (customer value) and improving the service provision.

• Contributing to a joint result based on the philosophy of reciprocal value creation. 
• Seeking collaboration and supporting others. Showing commitment to the joint objective and acting accordingly. 
• Sharing information and knowledge with others.
• Achieving and connecting synergies.

• Challenging self and others to pursue initiatives and take responsible risks with the objective of improving results. 
• Making decisions and initiating actions based on a well-considered risk analysis. 
• Daring to speak up and make choices. 
• Taking responsibility for own decisions and choices.

Results and Output Driven:
• Deliver results achieving a concrete and tangible result. 
• In the process, exhibit discipline and decisiveness.

Personal Development
• Working continually on own personal growth. 
• Staying open to feedback and actively expanding/improving own knowledge, skills and behaviour as an avenue for increasing own performance and that of the organisation or the unit.

• Showing an insight into the mutual relationships and differences between individuals, groups or organisational units; being aware of the differences in interests, perspectives and cultures and taking them into account in actions.
Job Skills and Knowledge:
• Excellent communicator (verbal and written).
• Excellent listening skills.
• Ability to work independently and self-motivated.
• A good understanding of the banking environment and information security.
• Experience with Security tooling such as Archer.

Desirable: (Optional)
• Good understanding of banking operations, systems and risk.
• IT or Operational Risk Management experience.
• Understanding of the core goals and values of Rabobank.
• Good understanding of the Bank’s target market and products offered.
Development Value:
This role provides experience across the Security function and the opportunity to gain a perspective of Asia and RANZG as a whole business. The role will allow you to develop your interpersonal skills as well as to build on the various aspects of Security which will be beneficial for future career opportunities.
• Certified Information Systems Security Professional [CISSP] qualification 
• Solid IT background and good understanding of IT applications
• At least two (2) years’ experience in an IT Technical/Support or Information Security role

Desirable: (Optional)
• Tertiary qualification in Computer Science or a related discipline (desirable).