BRH17626

Security & Compliance Officer

Category:

IT Infrastructure/support

Project description:

As an Information Security Control and Compliance Officer you will carry out the activities listed below:
Develop, Implement and Maintain Information Security Controls (with a special focus on IT and Third party security)
To ensure that the organization, processes, and assets are managed in accordance with the security policies, and that the risks are therefore controlled:

  • Support first-line in the definition and implementation of security controls;

  • Coordinate and monitor the execution of first-line controls;

  • Follow-up and report to management and second line of defence the results of first-line controls and status of remediation actions (e.g. Third Party Control plan);

  • Provide advice on improvement of existing security controls

  • Participate in and lead some parts of the project with respect to Group Major controls (Network Segmentation, Application security, Management of Logs,…).



Contribute to the tasks of Global Security Information Security Normative Framework

  • Acquire and maintain knowledge of Global Security (GS) information security policies, their evolution and alignment with Authoritative sources, other frameworks and legislation;

  • Perform gap analysis to ensure that the essential security requirements and risks are addressed and covered through the Control plan;

  • Provide a multidimensional compliance view (towards Group, towards PCI DSS,…);

  • Maintain a traceable inventory of changes related to controls and updates in GS normative framework.

Technical skills:

Preferable: Certifications in ISO27k series, Information Systems Security Professional CISSP, CISA…

3-5 years of experience in Information Security and in IT process management.

MANDATORY

  • 2-5 years’ experience in IT security technology and processes (good knowledge of Identity & Access Management is a plus);

  • Experience in Metrics definition and dashboarding;

  • Good knowledge of Excel (pivot tables, formulas) and Access;

  • Knowledge of SharePoint (as a user).

  • 2 years’ experience in developing and maintaining policies and / or processes (preferably in IT area);

  • Experienced with regulatory requirements, ISO/IEC standards (e.g.: 27001 Information Security Management Standard,…), laws and regulations;

  • Coordination of / collaboration with external resources

  • 2-5 years’ experience in IT, Information Security environments;

  • Capability to quickly understand end-to-end process flows and control needs;

  • Experience in drafting memos and reports addressed to senior management level.

PREFERABLE

  • Certified ISO27001 Lead Implementer;

  • Knowledge of NIST control framework, PCI Standard, CIS20, SIG;

  • Experience in designing and implementing controls;

  • Knowledge of GRC Tools such as RSA Archer;

  • Project Management/coordination skills (ability to run projects mostly intra-team).

  • Preference will be given to candidates who have good knowledge / practical experience of different bank entities / processes, if possible.

Soft skills:

  • Quick self-starter, pro-active attitude; team player;

  • Excellent English writing skills;

  • Good communication and influencing skills; ability to capture and adapt to stakeholder expectations;

  • Good analytical and synthesis skills, be precise and methodological, ability to produce structured and concise documents;

  • Autonomy, commitment and perseverance in personal organization;

  • Ability to work in a dynamic and multi-cultural environment;

  • Results- and time-oriented; high performer.

Contact person:

Contact name: Yves De Vocht