Dieses Jobangebot ist archiviert und steht nicht mehr zur Verfügung.
Vakante Jobangebote finden Sie unter Projekte.
Vakante Jobangebote finden Sie unter Projekte.
Information Security Policies, Standards and Compliance Advisor (Frenc
Eingestellt von Base 3
Gesuchte Skills: Network, Unix
Projektbeschreibung
Information Security Policies, Standards and Compliance Advisor (French speaking)
CONTEXT:
The team supports IT and Business Units to define, implement and maintain an Information Security Management System (ISMS), with the ultimate objective of enable sound and formal risk decision making management. The implementation of a suitable ISMS requires to define an integrated normative and control framework, based on authoritative sources (eg: directives, laws, ), via policies and standards. The effective operational implementation of these policies and standards must be ensured through a compliance monitoring that measures the degree of conformity and effectiveness. The final objective being to provide reasonable assurance on the achievement and realization of important security and continuity risk control objectives.
Complementary to these activities, the team is very active in:
- the identification of information security risks on assets/applications, projects and 3rd-parties.
- the advice, consultancy, monitoring and reporting on risk treatment in order to reduce the overall risk exposure of IT and Business at an optimized cost.
- the elaboration and management of the implementation of a flexible strategy to reduce Information Security risks in accordance to the Information Security policies.
FUNCTION:
Perform Legal & Regulatory Watch
- Ensure that all Information Security related authoritative sources are captured.
- Perform gap analysis to ensure that missing elements are integrated when
- Attribute implementation responsibilities;
- Get implementers' acceptance on the attributed implementation responsibilities.
Maintain a traceable inventory the alignment between Technical Standards (eg Windows, Mainframe, Network, other IT activities) and the Information Security Policies:
- You will be the Security SPOC for IT stakeholders in Belgium and France.
- You will analyse the IT technical standards and perform a mapping to the policy framework.
- Traceability being key, you will keep track of deviations and use your influence skills to convince stakeholders for a pragmatic resolution.
- You will report on the compliance status between policies and technical standards to Global Security, IT and Senior Management.
Execute security risk assessments in IT and business, scoping projects or Legacy assets (applications, business solutions, 3rd-parties organization, processes ). Maintenance of identified risks in the risk registry database.
EXPERIENCE:
- 2-5 year experience in IT security technology and processes (secure networking, web infrastructure, Wintel, UNIX, Mainframe, ATM, etc.);
- Metrics definition and dashboards.
- Significant experience in operational/security risk management
- 2 years' experience in developing and maintaining policies and/or processes (preferably in IT area).
- Experienced with regulatory requirements, ISO/IEC standards (eg: 27001 Information Security Management Standard, ), laws and regulations
- Hand-on experience in the performance of security risk assessments on Third-parties and applications.
- Knowledge of Information Security and Risk Management frameworks
- Tools: advanced knowledge and use of Office suite, SharePoint,
- Coordination of/collaboration with externals resources.
- 2-5 years' experience in IT, Information Security environments.
- Capability to quickly understand end-to-end process flows and control needs.
- Experience in creating memos to the attention of senior management level.
CONTEXT:
The team supports IT and Business Units to define, implement and maintain an Information Security Management System (ISMS), with the ultimate objective of enable sound and formal risk decision making management. The implementation of a suitable ISMS requires to define an integrated normative and control framework, based on authoritative sources (eg: directives, laws, ), via policies and standards. The effective operational implementation of these policies and standards must be ensured through a compliance monitoring that measures the degree of conformity and effectiveness. The final objective being to provide reasonable assurance on the achievement and realization of important security and continuity risk control objectives.
Complementary to these activities, the team is very active in:
- the identification of information security risks on assets/applications, projects and 3rd-parties.
- the advice, consultancy, monitoring and reporting on risk treatment in order to reduce the overall risk exposure of IT and Business at an optimized cost.
- the elaboration and management of the implementation of a flexible strategy to reduce Information Security risks in accordance to the Information Security policies.
FUNCTION:
Perform Legal & Regulatory Watch
- Ensure that all Information Security related authoritative sources are captured.
- Perform gap analysis to ensure that missing elements are integrated when
- Attribute implementation responsibilities;
- Get implementers' acceptance on the attributed implementation responsibilities.
Maintain a traceable inventory the alignment between Technical Standards (eg Windows, Mainframe, Network, other IT activities) and the Information Security Policies:
- You will be the Security SPOC for IT stakeholders in Belgium and France.
- You will analyse the IT technical standards and perform a mapping to the policy framework.
- Traceability being key, you will keep track of deviations and use your influence skills to convince stakeholders for a pragmatic resolution.
- You will report on the compliance status between policies and technical standards to Global Security, IT and Senior Management.
Execute security risk assessments in IT and business, scoping projects or Legacy assets (applications, business solutions, 3rd-parties organization, processes ). Maintenance of identified risks in the risk registry database.
EXPERIENCE:
- 2-5 year experience in IT security technology and processes (secure networking, web infrastructure, Wintel, UNIX, Mainframe, ATM, etc.);
- Metrics definition and dashboards.
- Significant experience in operational/security risk management
- 2 years' experience in developing and maintaining policies and/or processes (preferably in IT area).
- Experienced with regulatory requirements, ISO/IEC standards (eg: 27001 Information Security Management Standard, ), laws and regulations
- Hand-on experience in the performance of security risk assessments on Third-parties and applications.
- Knowledge of Information Security and Risk Management frameworks
- Tools: advanced knowledge and use of Office suite, SharePoint,
- Coordination of/collaboration with externals resources.
- 2-5 years' experience in IT, Information Security environments.
- Capability to quickly understand end-to-end process flows and control needs.
- Experience in creating memos to the attention of senior management level.
Projektdetails
Geforderte Qualifikationen
-
Kategorie:
IT Entwicklung