Cyber Security Analyst - Eindhoven - Executing TVA or IT Security risk

Cyber Security Analyst - Eindhoven - Executing TVA or IT Security risk assessments

Location: Eindhoven (The Netherlands)
Start date: ASAP
Duration: 31/12/16, with option to extend
Hours a week: 40
Job Mission
You will assess the scope and deliverables of IT projects and advise the project managers based on potential security risks within their upcoming projects.
Job Description
As Cyber Security Analyst you are responsible for assessing existing or new IT services on technical vulnerabilities and weaknesses supported by process and tooling. You will also assess IT related project deliverables that needs to be implemented or Legacy infrastructure based on assessments of architectural and detailed designs, workshops, interviews. After assessing the IT projects you will advise your colleagues on security improvements, additional controls and requirements (technical, procedural, organizational).

Beside this, you will be responsible for, but not limited to:

- Translating assessment results into an Information Security Specification (Security plan for service);
- Inform project leaders and project managers upon progress of TVA's and hours spend upon project;
- Reporting upon KPI's relevant for the TVA process;
- Help develop and manage the IT Security policies, standards and baselines conform the IT Security Policy Framework.

SKILLS

- Bachelor or Master degree in an IT technical field or equivalent professional experience;
- Valid industry certifications such as the Certified Information Systems Security Professional (CISSP) or CISM are a plus;
- Experience in ISO 27001 or equivalent are a plus.
- 3-5 years of experience in Executing Threat and Vulnerability analysis (TVA) or IT Security risk assessments on complex IT services and applications;
- Security knowledge of:
- Virtualization technology eg Flexpod, ESX, Citrix
- SAP, Oracle
- Network topology, network protocols and network systems
- Knowledge of prevalent risk assessment frameworks and methodologies eg
- IT Risk assessment frameworks like ISO31000, Standard of Good Practice developed by Information Security Forum (ISF) or NIST SP framework and/or ISO 27005 framework.
- IT Risk assessment methodologies and approaches eg Sprint, Logical, access path analysis, Octave, FAIR or Risk IT
- Knowledge of prevalent audit standards and techniques
- Sound understanding of security technologies, best practices, and security policy frameworks;
- You are in possession of a valid work permit for The Netherlands.

PERSONAL SKILLS

- Strong analytical and conceptual thinking skills;
- Excellent English communication skills and dealing with resistance. Command of the Dutch language is a plus;
- Able to summarize and communicate technical data to a non-technical audience;
- Able to present, advice and convince stakeholders upon the implementation of security requirements;
- Highly-motivated, with a strong work ethic and able to work effectively under minimal supervision.

Interested?
If you are interested in this opportunity please leave your CV and I will contact you.

Riwanna van der Galiën
Delivery Consultant IT Contracting