This job offer is archived and no longer available.
Open job offers can be found under Projects.

IT Information Security & Compliance - Technical Role/Netherlands/6 mo

Posted by iBSC

Skills sought: Network, Design

Project description

IRM Security/Information Security/Information Security & Compliance/GRC/IRM/Security & Compliance Information/Cyber Information Security

GENERAL POSITION DEFINITION

The purpose of the IRM (Information Risk Management) Function is to ensure (as a second line of assurance, with Internal Audit providing the Third Line of Assurance) that we are addressing Information Risks in an effective and efficient manner, commensurate with our risk appetite, and being seen as an industry leader among peers and key suppliers of security services.

Our Information Risk posture includes a wide variety of potential business impacts, such as HSSE impacts, production loss, financial and maintenance operations loss, and loss of Most Confidential bidding data. Each of these Information Risks has a potential impact of $1bln+.

The IRM Function defines requirements for the assessment of Information Risks, defines the selection of mandated IT Controls, and defines and executes assessments of the design and operational effectiveness of these controls. The function organises communication campaigns to impact the behaviour of business and IT staff where it relates to Information Risks.

In addition to these preventative measures, the IRM Function includes a Cyber Resilience function to understand the cyber threat landscape and the vulnerabilities to cyberattacks in IT systems and services, to detect malicious behaviour and to respond to incidents.

Organisationally, the IRM Function reports to the Group CIO. The IRM Function consists of a central team with the Strategy, Learning, Risk and Transformation teams. The IRM Function in the IT Operations Organisation (ITSO) consists of the Detect and Respond Teams and there are business specific teams in each Business and in Global Functions IT.

Given the Cyber threat landscape and its development, it is critical that the IRM Function collaborates closely with suppliers and industry peers and collaborates effectively with government agencies in key countries that we operate in.

POSITION DESCRIPTION - PURPOSE

The purpose of this position is to:

- Ensure Business Teams are aware of the risks in terms of Confidentiality, Integrity, Availability, Legal & Regulatory and help them make risk aware decisions.
- Ensure appropriate and sufficient security controls are in place and tested to maintain a secure posture in the organization.
- Ensure projects originating from any global location are risk assessed and reviewed for information security

POSITION DESCRIPTION - ACCOUNTABILITIES

- Act as an Information Risk and Compliance Advisor
- Understand the Technology Landscape (Application and Infrastructure) and proactively review our information security and related risks with respect to threats and vulnerabilities, legal and regulatory compliance
- Facilitate smooth conduct of Risk Assessment (including Legal & Regulatory) on Applications, Network Interfaces with Project Delivery staff/Business/Business IT teams

POSITION DESCRIPTION - SPECIAL CHALLENGES

A special challenge will be to stay on top of the many engagements while at the same time having a deep understanding of Information security.

Communication and Stakeholder Management skills are essential for this role, including the ability to cut through complex IT issues and explain them in easy Business language.

EXPERIENCE AND QUALIFICATIONS REQUIRED

- Good understanding of, and experience with, Information Risk Management, IT Security and Compliance, and Security Controls and Audit
- Advanced understanding of internal and external IT security standards, SOX, PCI, SOC2/1, ISO27001 standards and relevant legal compliance aspects.
- Robust understanding of, and solid experience with, the impact of Security on application development and operations as well as the IT Infrastructure.
- Ability to promote high performance teams, working with inclusiveness and cultural diversity, across organizational boundaries.
- Good understanding of cloud security requirements and third-party control assurance.
- Ability to interface with different groups (Third parties, Business and IT) internal and external to IT (security) and to network globally across Group businesses, as well as with external groups.
- Technical knowledge & relevant experience in security domains/technologies related to:
  - Infrastructure/Network security
  - Identity and Access Management
  - Business Impact Assessment
  - Application security
  - Data Leakage Prevention
  - End-Point Protection
  - Web filtering technologies, Proxies and Firewalls
  - Vulnerability Assessment/Penetration Testing
  - Cloud security
- Knowledge of Data Security Standards: PCI DSS, Privacy Principles
- Driving Platform/Application security and compliance
- Ability to foresee and identify mitigation strategies for Risks

Candidate must also:

- Display excellent communicating and influencing skills
- Display analytical and problem solving skills
- Be pro-active and self-motivated
- Display strong interpersonal and negotiating skills with all levels of staff
- Display ability and eagerness to quickly learn new technologies

QUALIFICATIONS

- A qualification in one of the following: CISSP, CISA, CRISC or CISM

EXPERIENCE

- Must have previous experience in an (Information) Risk and Control Advisory role

Project details

  • Location:

    Den Haag, Netherlands

  • Project start:

    asap

  • Project duration:

    6 months Rolling

  • Contract type:

    Contract

  • Professional experience:

    Not specified

Required qualifications

  • Category:

    IT Development, Media/Design

  • Skills:

    network, design

iBSC