Description
Information security, application security, security assessments
One of the leading IT services and consulting companies worldwide, Capgemini operates in 44 countries, with over 130,000 people across the globe and 2013 revenues of over 13 billion Euros.
Capgemini Financial Services is looking for an experienced information security assessor/consultant to work within the technology & information risk area of a key investment banking client, reviewing a proposed project within the bank for security and compliance.
Duties & Responsibilities:
Planning duties will include:
- Security Assessment for compliance with SoX, HIPAA, ISO 27001, NIST, or other standards
- Security Architecture definition and review
- Communication with the project teams
- Educate the project participants in their roles and responsibilities for security
Security Duties will include:
- Understanding and research of proposed products and services within a project
- Coordinate with offshore team to review and approve proposed architectures
- Preparation of the findings and recommendation.
- Security advisory on projects
- Collaborate with other team members to facilitate the best recommendation
Offshore coordination duties will include:
- Work with the offshore team to conduct the process
- Work with the offshore team to prepare the reports
Customer Security Liaison will include:
- Advise customer about security aspects of the project.
- Deliver and discuss deliverables with project owners
- Solicit feedback and coordinate delivery of feedback on quality and timeliness of review.
Specific Tasks:
- Defining the target state project security and data protection.
- Creating documentation, using standard design tools and methodologies, that conveys the security findings and recommendation through concise diagrams and descriptions of the entities, relationships and constraints with examples.
- Applying the standards and target state requirements to assess the current state of the systems and identify gaps.
- Defining system specific target state documentation that addresses the gaps with specific recommendations.
- Providing clarifications and accountability for all design decisions of the program.
- Assessing, contributing to and validating solution design and platform selections.
- Reviewing all architecture decisions with cross-functional, cross-work-stream impact to application, data, infrastructure, and vendor solutions.
- Confirming compliance of design decisions with established enterprise standards, design policies, and frameworks.
- Researching new technologies and/or facilitating adoption as an enterprise standard
Skill, experience & general information required:
Required Skills and Experiences
- Strong IT security experience
- Strong security assessment experience
- IT Architecture and understanding of common vendor products used within a Web Architecture
- Security and Compliance principles and their applications to projects (ie Least Privilege, Confidentiality/Integrity/Availability, )
- Familiarity with Security Assessments and Risk Management
- Familiarity with Security infrastructure (ie encryption, Firewalls, VLAN Separation, DLP, ).
Desirable Skills and Experiences
- Technology design and implantation experience in an IT organisation preferably in the financial industry.
- Excellent written and verbal communication skills.
- Worked in onshore/offshore model
- QSA (Qualified Security Assessor) certification/experience
- CISSP Certification
Apply now for immediate consideration.