Informacje o stanowisku

IT Security Expert in Encryption Governance Team

Nordea is a leading Nordic universal bank – we are a strong and personal financial partner with financial solutions that best meet your needs so you can achieve your goals and realise your dreams.

The Encryption Governance Team in Data Protection and Encryption Centre delivers cryptographic advisory, governance, and solutions for new or existing services, e.g., cloud, secure storage, cards, applications using symmetric and asymmetric cryptography. We add value by de-risking and protecting the Bank and our customers. As IT Security Expert, youll play a valuable role in providing insights into legal and regulatory changes in the banking environment that could impact business and/or security performance.

Your future responsibilities:

• Monitor legal and regulatory changes in the banking environment that could impact business and/or security measures in terms of encryption standards.
• Research, evaluate, and recommend updates to new & existing policies and procedures to ensure encryption and key management standards are in line with internal and regulatory compliance.
• Manage the process of gathering, analysing, and assessing the current and future encryption landscape, as well as providing senior management with a realistic overview of risks and threats in the enterprise environment.
• Build strong relationships across the enterprise (with Business, Technology, Chief Security Office, other Cyber Security, and Risk & Compliance units) to enable a good understanding and close alignment with business needs, direction, and identified risks in relation to handling and managing encryption.
• Recommend, review, and document relevant cryptographic controls to support and enforce defined security policies.
• Manage and coordinate lessons learned and process improvements coming from policy violation events, incident management cases, including detection, response, and reporting.
• Monitor and report on compliance with security policies related to cryptography, as well as the enforcement of policies across the bank.
• Act as the main point of contact for corporate stakeholders in relation to cyber security and encryption governance topics.
• Operationalise cryptographic keys inventory and risk assessment program to achieve business goals with defined success criteria.
• Identify encryption-related risks and drive the implementation of recommended mitigations and gap analysis.
• Management reporting analysis for encryption inventory and risk assessment.
• Ensure that standards for cryptographic controls are updated, relevant, and agreed with the 2nd line of defence.

Who you are:

Collaboration. Ownership. Passion. Courage. These are the values that guide us in being at our best - and that we imagine you share with us.

• Excellent communicator able to reduce complex ideas to simple terms and express these both to non-technical and highly technical audiences.
• Experience of planning, prioritizing, and organizing the work of yourself and others, delivering to tight deadlines whilst ensuring the effective use of resources.

Your profile and background:

• Proven track record in Encryption and Key Management and/or Information Security role including experience and knowledge of Information Security practices oriented on cryptographic standards and processes in the banking environment.
• Solid knowledge of Banking regulations related to cryptography, e.g., Payment Card Industry Data Security Standards (PCI DSS), National Institute of Standards and Technology (NIST), Data Protection Act, General Data Protection Regulations (GDPR) and other relevant regulations being subject to audit from institutions such as European Central Bank and FSA, other EU/US Financial Authorities and Banks, Digital Operational Resilience Act (DORA).
• Knowledge and understanding of encryption and key management risk concepts and principles as means of addressing business needs and design of appropriate security measures.
• Excellent understanding of encryption and information security regulations and standards, industry best practices, and strategies.
• Experience in working in a regulated environment and cooperation with CISO/CSO, Technology Risk Management, and business units in the universal bank.
• Knowledge of Encryption and Key Management domain on an expert level will be an asset.
• Practical experience with the utilization of cryptography in complex business solutions is an additional advantage.
• Experience in documenting IT Security Processes, that is to create, update, manage and organize dedicated instructions, procedures, standards, and policies.

If this sounds like you, get in touch!

Next steps:

For more information, you’re welcome to contact Pawel Wieczorek ( ).

At Nordea, we know that an inclusive workplace is a sustainable workplace. We deeply believe that our diverse backgrounds, experiences, characteristics, and traits make us better at serving customers and communities. So please come as you are.

Warszawa - Oferty pracy w okolicznych lokalizacjach