Description
This role is inside IR35 for UK applicants!
Role:
This is a security analysts role where you will define, require and monitor the applicable cyber-security controls to protect different data sources according to data attributes such as the classification, criticality, nature of the data and the storage as well as the location (on-premise or in the cloud).
In the Data Protection Governance Team, we are expected to:
- Design the cyber-security data protection controls for detection and prevention such as Data Leakage Prevention, Encryption (data at rest, in motion, in use), Signing, Digital Right Management, Backup/Restore & Archiving, Data Access Governance, Data anonymisation,
- Require the implementation of these controls to the data owners with the control objectives to meet
- Assess a security risk in data protection from both a conceptual and a technical level
- Monitor the implementation of these controls to the data sources
- Collect the evidences of the control efficiency
- Communicate the evidences upon request from the internal or external Audit, the regulators or for the yearly ISAE3402 exercise
- In these context the collaboration is crucial with the different teams involved in security risk management
- Partner with representatives of Cyber-Security, IT, Risk, Audit and other key business teams to advance data protection initiatives.
- Develop a high-level of trust with stakeholders to ensure on-going commitment.
- Foster a team environment, open to communication and collaboration.
Qualifications, Skills and experience:
A combination of several of the below should be covered:
- IT-security professional with solid experience in the infrastructure security domain, in the IT application security domain or in the data security domain.
- Extensive knowledge of market standard control framework like the CIS TOP20, NIST 800-53 Rev.5, ISO , SWIFT CSCF, FISR (aka FML),
- Knowledge of Data Protection controls such as encryption (DAR, DIM, DIU), data hashing, data signing, data anonymisation, DRM, DLP, CASB, data access governance, etc.
- Experience in IT Risk Assessment, Control efficiency check-up and risk management
- Understand the difference between an inherent risk, a residual risk and an inefficient control; risk addressing and risk mitigation
- Experience with SQL, Datamodelling and technical documentation
- Cybersecurity training and certification in CISSP, CISA, SSCP, GSEC, SANS or equivalent is a plus.