Responsibilities

The Customer & Provider Security and Resilience (CPSR) team drives the global Customer Security Programme (CSP) and Shared Infrastructure Programme (SIP), with the overall aim of maintaining appropriate cybersecurity ‘hygiene’ within our customers and providers communities to reduce the risk of cyberattacks, thereby transforming the institutional financial services ecosystem.

The CPSR team’s mission is crucial to our ecosystem’s security levels and is overseen by the Board and Swift Oversight.

The “Security Programmes Operations” sub-team of CPSR is looking for an enthusiastic new colleague. This sub-team is primarily responsible for the operations of the CSP and SIP programmes. The operations tasks encompass a wide range of activities: ownership and maintenance of key documents (like the Independent Assessment Framework and the CSP policy), ensure customers and providers awareness and engagement, provide internal and external support and training, prepare and present webinars, contribute to key initiatives like the Swift CSP Certified Assessor Programme, advice and support on the evolution of the supporting applications (Such as KYS-SA) and more globally, contribute to the evolution of the different security programmes managed by the team.

Additionally, the team performs the Service Monitoring of the published certified assessor which requires some audit knowledge to support interviews with the assessment providers listed in our directories.

1. Support CSP and SIP Programmes evolution and their rollout

• Based on input from customers and providers, provide suggestions for improvement to support the evolution of the Customer security control Framework (CSCF), the Independent Assessment Framework (IAF), the CSP Certified Assessor Framework, and all collateral (including training and support documents). You may be involved also in the evolution of the PSCF (Provider Security Controls Framework) evolution.
• Promote the Security Programmes and related key documents (CSCF, IAF and CSP Policy) internally and to the community via webinars / training sessions / customer meetings.

2. Centre of Expertise (CoE) for technology/control/security issues

• Assist customers, providers and internal users as a second line of support with questions on the CSP overall (controls, scope, assessment, obligation and requirements…), usage of applications (KYC-SA, KYS), and maintain assistance statistics – propose improvements to security frameworks or collateral. Same support could be required for SIP related inquiries.

• Support CSP regional meetings and ad-hoc awareness sessions with the customers and the providers.
• In collaboration with expert colleagues, maintain various CSP supporting collaterals (TIPs, training material, FAQs, architecture decision tree, and assessor documentation such as high-level test plan) making them more customer-friendly and handier for our customers.
• Contribute to key external or internal communication campaigns, like the CSP newsletters.

3. Actively Contribute to key initiatives and raise engagement of the community

• Support key team initiatives to improve the CSP and providers Programmes.
• Propose innovative ideas to raise the commitment of the community to ensure that the CSP and Providers’ requirements and obligations are met.
• Support the CSP Certified Assessor Service Monitoring process (including providers interviews), and ad-hoc tasks (e.g. exam questions review)
• Be involved in the potential automations or Artificial Intelligence related initiatives.

4. Support tooling evolution

• Provide input to make the tools and applications used by customers and providers more efficient and user friendly
• Be involved in the requirements, testing, and support of those applications in collaboration with the Product Owner.

5. Backup on Communication and engagement activities

• Shadow the communication and engagement activities, including the preparation and coordination of customers’ communication and touchpoints such as webinars organisation.
• Backup for CSP’s internal and external community activities.

Qualifications

Primary Skills

• Knowledge of the CSP and SIP programmes
• Strong interpersonal skills, with innovative mindset, able to work independently.
• Strong cross-team liaison and collaboration skills
• Strong communication skills
• Training skills
• Strong general IT technical understanding
• Advanced (cyber-)security Knowledge (Security Certification is a plus)
• Good audit knowledge (including audit process and interview techniques)
• Good understanding of Swift connectivity and interface solutions
• Intermediate understanding of banking and payments market segment
• Very good English speaking and writing skills

Supporting Skills:

• Strong customer relationship skills
• Rigorous, disciplined, autonomous
• Continuous improvement and innovative mind-set
• Team player
• Quality oriented

Education

University degree in Computer Science, Information Systems, or a related field; or equivalent work experience. Masters degree an asset.

Experience

Typically has 6 to 10 years of relevant work experience.