Mission description
Client context:
Our client has just created a new division in its group, which is the result of the recent merger of the former entities.
The organization's objective is to enhance and converge the Information Security management processes and practices across the former entities that constitute the new division.
There are several activities that need to be performed that fall between general BAU and small projects and require light-touch project management. These can be very short engagements working with stakeholders in:
- Information Security,
- Global Technology,
- Information Risk Management
- other functions
The role is to augment the Information Security team to perform these small projects, provide guidance and acquire outcomes/decisions from stakeholders. The role requires a security SME/generalist with a cross section of process, technology and project management. The specialist will work under the responsibility of the Head of IS Services and Risk Management or delegate. The responsibilities of the role will include the following:
- Implement new processes with Information Security to support BAU activities – this includes working with stakeholders to identify the gaps in security controls, define activities to remediate and produce documentation.
- Perform gap analysis of technical controls at the new division and the client’s Group mandated requirements. Work with Global Technology stakeholders to improve the maturity score and support the Transversal Coordinator to ensure timely submission of quarterly reporting
- Work with other Information Security personnel on gathering information for local and the client’s Group reporting requirements – Transversal Audit, DLP Tracker, Second Opinions, Internal Audit, Internal Financial Controls
- Prepare presentations for senior management and security committees.
- A general understanding of technical hardening standards e.g. CIS Level 1
- Liaise with project manager to support the development of the risk acceptance (PM is responsible) where needed.
- Manage project RAG status ensuring activities trending amber and red are highlighted to management.
- Work as the technical SME to participate in IT and Security projects to implement new processes and technologies
- Able to develop lightweight project plans based on multiple smaller activities and report against achievements.
- Able to perform Information Security Application Risk Assessments.
- Good understanding of Azure Information Protection technology including formation of rules.
- Good understanding of Data Loss Prevention controls and rules.
- Good understanding of Varonis and rules. Maintain existing and produce new documentation.
- Good understanding of Key Performance Indicators
All deliverables are subject to internal quality assurance, and peer reviews will be conducted by the Information Security team.
- Bachelor's degree in Computer Science, Engineering, or related field with a minimum of 10 years of professional experience (Required)
- Strong knowledge of performing project risk assessments
- Experience in performing Information Security technical risk assessments > 10 years (Required)
- Proficient in information security risk and governance frameworks (ISO 27005, EBIOS)
- Expert analytical and reporting skills (Required)
- Expert in Microsoft Office (Word, Excel, PowerPoint, Access) (Required)
- Ability to effectively communicate and positively influence diverse stakeholders and team members (Required)
- Excellent attention to detail and the ability to create clear, concise and engaging presentations (Required)
- Fluent in English (Required)
- Information Security and/or Information Technology industry certification (CISSP, CISM, CRISC, GIAC or equivalent) (Required)
- Experience in articulating IS risks in business language and advising on the appropriate risk management action > 5 years (Preferred)
- Experience in information security management reporting and related methodologies > 5-10 years (Preferred)
- Experience in multinational companies (Preferred)