Dieses Jobangebot ist archiviert und steht nicht mehr zur Verfügung.
Vakante Jobangebote finden Sie unter Projekte.
Vakante Jobangebote finden Sie unter Projekte.
Information Security Control Officer (Brussels)
Eingestellt von Anankei
Gesuchte Skills: Support, Unix
Projektbeschreibung
Je functie: Context
The Information Security and Risk Management department supports IT and Business Units to develop adequate solutions in Information
Security and Risk Management practices.
The mission of ISRM is:
o to enable sound and formal information security risk decision making by our management, and
o to help management with implementing a proper information security management system.
Implementation of a suitable ISMS ('Information Security Management System'), includes policies, processes, procedures, organizational structures, software and
hardware functions, and the corresponding (permanent) controls.
Bank's ISCP ( Information Security Control Plan) formalizes and documents those (permanent) controls. It includes a set of controls to be executed in order to
ensure that the information security organization, processes and/or information assets are managed in compliance with policies and procedures and that they are
risk-controlled:
o Level 1 controls, which are carried out by and under the responsi bility of the operational management in charge of the implementation of information
security (e.g. process/ asset owners);
o Level 2 controls, which are carried out by ISRM as independent control function.
To support ISCP activity, we are looking for an Information Security Control Officer.
Function Description
An Information Security Control Officer will carry the following responsibilities:
o Coordination:
o Coordinates/ oversees the ISCP activity and its compliance with requirements from the bank ISNF ( Information Security Normative Framework);
o Define the operating mode of the security controls via the creation and maintenance of Governance/Process documentation, Control Reference
Card template, Centralized controls repository.
o Write memos/reports on control results and progress of remediation actions to the attention of senior management.
o Control: executes level 2 controls;
o Identifies Control points that can help verifying:
o that the organization is adequate to steer the information security activity;
o whether level 1 controls exist and are effective.
o For each run of the control plan, consolidates the control results obtained from the different entities. Check the coherence of the control results
based on evidence received. Challenge anomalies.
o Performs a follow-up and report on the progress of the identified remediation actions. These remediation actions are contained in a central
repository which requires proper administration.
o Alert: escalates in case of non-deployment of the bank ISCP or in case (major) control results are contentious (validity; effectiveness; etc.).
o Advisory: provides advice and assistance to the Process/ Asset owners with regards to the definition and implementation of the ISCP level 1 controls.
o Help operational management with definition of security controls, with completion of Control Reference Card and advice on control maintenance.
o Help operational management with the identification of remediation actions to address control defects and with follow-up on their progress till their closure.
Start Date ASAP
Duration 6 months, extension possible
Location
Brussels
Je profiel: Required knowledge / Experience
Education
Bachelor/Master or equivalent by experience
Languages Requirement
French Fluent speaking, good writing
Dutch Fluent speaking, good writing
English Fluent speaking and writing
Experience
At least 5 years of relevant experience.
Preferable experience in information security.
Technical Experience
Mandatory
Solid knowledge of Excel - pivot tables, formulas;
Practical experience of SharePoint as administrator and user.
Preferable
Good understanding of IT security technology and processes (secure networking, web infrastructure, WinTEL, UNIX, etc.);
Auditor experience;
Business Experience
Mandatory
Experience within the Banking and Finance Industry
Experience in working in cross-functional departments and teams.
Practical exposure to process management.
Capability to quickly understand end-to-end process flows and control needs.
Experience in creating memos to the attention of senior management level
Preferable
Proven experience in designing and implementing controls
Knowledge of Information Security (preferably based on ISO 27001-27005 standards)
Soft skills
o Team player
o Quick self-starter, pro-active attitude
o Good Communication and Influencing skills
o Good analytical and synthesis skills
o Autonomy, commitment and perseverance
o Ability to work in a dynamic and multi-cultural environment
The Information Security and Risk Management department supports IT and Business Units to develop adequate solutions in Information
Security and Risk Management practices.
The mission of ISRM is:
o to enable sound and formal information security risk decision making by our management, and
o to help management with implementing a proper information security management system.
Implementation of a suitable ISMS ('Information Security Management System'), includes policies, processes, procedures, organizational structures, software and
hardware functions, and the corresponding (permanent) controls.
Bank's ISCP ( Information Security Control Plan) formalizes and documents those (permanent) controls. It includes a set of controls to be executed in order to
ensure that the information security organization, processes and/or information assets are managed in compliance with policies and procedures and that they are
risk-controlled:
o Level 1 controls, which are carried out by and under the responsi bility of the operational management in charge of the implementation of information
security (e.g. process/ asset owners);
o Level 2 controls, which are carried out by ISRM as independent control function.
To support ISCP activity, we are looking for an Information Security Control Officer.
Function Description
An Information Security Control Officer will carry the following responsibilities:
o Coordination:
o Coordinates/ oversees the ISCP activity and its compliance with requirements from the bank ISNF ( Information Security Normative Framework);
o Define the operating mode of the security controls via the creation and maintenance of Governance/Process documentation, Control Reference
Card template, Centralized controls repository.
o Write memos/reports on control results and progress of remediation actions to the attention of senior management.
o Control: executes level 2 controls;
o Identifies Control points that can help verifying:
o that the organization is adequate to steer the information security activity;
o whether level 1 controls exist and are effective.
o For each run of the control plan, consolidates the control results obtained from the different entities. Check the coherence of the control results
based on evidence received. Challenge anomalies.
o Performs a follow-up and report on the progress of the identified remediation actions. These remediation actions are contained in a central
repository which requires proper administration.
o Alert: escalates in case of non-deployment of the bank ISCP or in case (major) control results are contentious (validity; effectiveness; etc.).
o Advisory: provides advice and assistance to the Process/ Asset owners with regards to the definition and implementation of the ISCP level 1 controls.
o Help operational management with definition of security controls, with completion of Control Reference Card and advice on control maintenance.
o Help operational management with the identification of remediation actions to address control defects and with follow-up on their progress till their closure.
Start Date ASAP
Duration 6 months, extension possible
Location
Brussels
Je profiel: Required knowledge / Experience
Education
Bachelor/Master or equivalent by experience
Languages Requirement
French Fluent speaking, good writing
Dutch Fluent speaking, good writing
English Fluent speaking and writing
Experience
At least 5 years of relevant experience.
Preferable experience in information security.
Technical Experience
Mandatory
Solid knowledge of Excel - pivot tables, formulas;
Practical experience of SharePoint as administrator and user.
Preferable
Good understanding of IT security technology and processes (secure networking, web infrastructure, WinTEL, UNIX, etc.);
Auditor experience;
Business Experience
Mandatory
Experience within the Banking and Finance Industry
Experience in working in cross-functional departments and teams.
Practical exposure to process management.
Capability to quickly understand end-to-end process flows and control needs.
Experience in creating memos to the attention of senior management level
Preferable
Proven experience in designing and implementing controls
Knowledge of Information Security (preferably based on ISO 27001-27005 standards)
Soft skills
o Team player
o Quick self-starter, pro-active attitude
o Good Communication and Influencing skills
o Good analytical and synthesis skills
o Autonomy, commitment and perseverance
o Ability to work in a dynamic and multi-cultural environment
Projektdetails
Geforderte Qualifikationen
-
Kategorie:
IT Entwicklung, Sonstiges