IT Security Expert in Encryption Governance Team

Job ID: 26895 
 

Encryption Governance Team in Data Protection and Encryption Centre where we deliver cryptographic advisory, governance and solutions for new or existing services, e.g. cloud, secure storage, cards, applications using symmetric and asymmetric cryptography. We add value by de-risking and protecting the Bank and our customers. As IT Security Expert, you'll play a valuable role in providing the insights into legal and regulatory changes in banking environment that could impact business and/or security performance.

Your future responsibilities

• Monitor legal and regulatory changes in banking environment that could impact business and/or security measures in terms of encryption standards
• Research, evaluate and recommend updates to new & existing policies and procedures to ensure encryption and key management standards are in line with internal and regulatory compliance
• Manage the process of gathering, analysing, and assessing the current and future encryption landscape, as well as providing the senior management with a realistic overview of risks and threats in the enterprise environment
• Build strong relationships across the enterprise (with Business, Technology, Chief Security Office, other Cyber Security and Risk & Compliance units) to enable a good understanding and close alignment with business needs, direction, as well as, identified risks in relation to handling and managing encryption
• Recommend, review and document relevant cryptographic controls to support and enforce defined security policies
• Manage and coordinate lessons learned and process improvements coming from policy violation events, incident management cases, including detection, response, and reporting
• Monitor and report on compliance with security policies related to cryptography, as well as the enforcement of policies across the bank
• Act as main point of contact for corpore stakeholders in relation to cyber security and encryption governance topics
• Operationalise cryptographic keys inventory and risk assessment program to achieve business goals with defined success criteria
• Identify encryption related risks and drive the implementation of recommended mitigations and gap analysis
• Management reporting analysis for encryption inventory and risk assessment
• Ensure that standards for cryptographic controls are updated, relevant and agreed with the 2nd line of defence

Who you are

Collaboration. Ownership. Passion. Courage. These are the values that guide us in being at our best - and that we imagine you share with us.

Communication skills:

• Excellent communicator able to reduce complex ideas to simple terms and express these both to non-technical and highly technical audiences
• Planning & Organization skills
• Experience of planning, prioritizing, and organizing the work of yourself and others, delivering to tight deadlines whilst ensuring the effective use of resources

Your profile and background:

• Proven track record in Encryption and Key Management and/or Information Security role including experience and knowledge of Information Security practices oriented on cryptographic standards and processes in banking environment
• Solid knowledge of Banking regulations related to cryptography, e.g., Payment Card Industry Data Security Standards (PCI DSS), National Institute of Standards and Technology (NIST), Data Protection Act, General Data Protection Regulations (GDPR) and other relevant regulations being subject of audit from institutions such as European Central Bank and, FSA, other EU/US Financial Authorities and Banks, Digital Operational Resilience Act (DORA)
• Knowledge and understanding of encryption and key management risk concepts and principles as means of addressing business needs and design of appropriate security measures
• Excellent understanding of encryption and information security regulations and standards, industry best practices and strategies
• Experience in working in regulated environment and cooperation with CISO/CSO, Technology Risk Management and business units in the universal bank
• Knowledge of Encryption and Key Management domain on an expert level will be an asset
• Practical experience with utilization of cryptography in complex business solutions is an additional advantage
• Experience in documenting IT Security Processes, that is to: create, update, manage and organize dedicated instructions, procedures, standards and policies

If this sounds like you, get in touch!

Next steps

For more information, you’re welcome to contact Pawel Wieczorek (pawel.wieczorek@nordea.com).

At Nordea, we know that an inclusive workplace is a sustainable workplace. We deeply believe that our diverse backgrounds, experiences, characteristics and traits make us better at serving customers and communities. So please come as you are.

Please include permit for processing personal data in CV as following:

In accordance with art. 6 (1) a and b. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) hereinafter ‘GDPR’. I agree to have: my personal data, education and employment history proceeded for the purposes of current and future recruitment processes in Nordea Bank Abp.

The administrator of your personal data is: Nordea Bank Abp operating in Poland through its Branch, address: Aleja Edwarda Rydza Śmiglego 20, 93-281 Łodź. Your personal data will be processed for the recruitment processes in Nordea Bank Abp. You have a right to access your personal data, right to rectify and right to delete. Disclosing the personal data in the scope specified by the provisions of Polish Labour Code from 26 June 1974 and executive acts are mandatory. Providing personal data is necessary to conduct the recruitment processes. The request for the deletion of your personal data means resignation from further participation in recruitment processes and causes the immediate removal of your application. Detailed information concerning processing of your personal data can be found at: nordea.com/en/doc/nordea-privacy-policy-for-applicants.pdf.

We reserve the right to reply only to selected applications.