We are looking for a Cyber security consultant with experience in the implementation of ISO27001 certification.
Not a ISO27001 Auditor. It is a 'must' that you have iplemented ISO27001 already.
As a member of the Security Governance department , the Cyber Security Consultant assists the team on making sure the policy framework is aligned with threat landscape, business transformation, technology capabilities and organisational structure.
You will focus on infra critic (fixed/mobile voice, fixed/mobile data, fixed/mobial sms, interconnecting, ...).
- Identify and prepare amendments to the policy framework by
- writing functional security requirements in collaboration with our CSIRT team which provide a sufficient protection for our resources based on Attack Vector.
- making sure those function security requirements can be met using available technology.
- Assist the Enterprise Security Architecture team in mapping security requirements to IT Architecture Building Block used by IT to create High-Level Design
- Assisting the Enterprise Security Architecture team in defining Security Requirements for the Security Solution Building Block
- Assisting IT in identifying and providing remediation to possible compliance issues.
- Developing High Level Security Requirements to translate to leadership team (Director-level) detailing security requirements for them to understand the security impact on their business.
- Working with both our CSIRT & Enterprise Security Architecture teams to maintain Attack Vector on Architecture Building Block updated.
- a University degree in computer science or equivalent combination of education and experience.
- 3 to 5 years of hands-on experience as a security architect, a security analyst, or a similar role, dealing with
multiple security domains (technologies, applications, services) and activities (concepts, policies, practices,
procedures), preferably in a large organization.
- Knowledge of ISO 27001
- Familiar with large and complex IT environments and data communications networks.
- Good understanding of various security domains such as: IP network protocols and services, user authentication methods, encryption, voice technologies, wireless technologies, web applications.
- Knowledge in Cloud Azure is for sure a plus.
- Very good knowledge of the security features offered by, and the security risks encountered in complex ICT environments.
- Experience with security risk assessment methodologies is much appreciated.
- Ability to understand business products and processes in order to perform related security risk assessment.
- Familiar with relational databases concepts and usage.
- Good understanding of the main security products and tools such as: firewalls, intrusion detection and prevention, log file aggregators/analyzers, vulnerability assessment.
- Learning agility
- Good negotiation and communication skills
Fluent English with good knowledge of French and knowledge of Dutch.