Description
Global Security - Police and normative framework Coordinator
The Global Security department supports IT and Business Units to develop adequate solutions in the following four areas:
- Information Security
- Business Continuity Management
- Data Protection & Privacy
- Physical Security
The mission of GS is:
- to enable sound and formal security and continuity risk decision making by management, and
- to help management with implementing a proper Information Security Management System' (ISMS).
The implementation of a suitable ISMS requires to define, an integrated normative and control framework, based on authoritative sources (eg: directives, laws), via policies and standards. The effective operational implementation of these policies and standards must be ensured through a compliance monitoring that measures the degree of conformity and effectiveness. The final objective being to provide reasonable assurance on the achievement and realization of important security and continuity risk control objectives.
Bank's Information Security Normative Framework mission is:
- to define & maintain up-to-date and traceable security policies and standards.
- to continuously improve its Information Security Normative framework
- to ensure that business and support stakeholders are aware of their obligations to comply with this informative Security Normative framework.
To support these activities, we are looking for an Policy and normative framework Coordinator.
As an Policy and normative framework Coordinator you will carry the following responsibilities:
- Maintain Information Security Policy
- Keep the Information Security Policy set in line with the authoritative sources (laws, regulations, contractual obligations and requirements)
- Capture and analyse the feedbacks from the field (1st line implementers, Risk Assessors) in order to improve the Global Security Policy set
- Ensure that the policy requirements are clear and non-ambiguous
- Ensure and consolidate the efficiency and effectiveness of the Global Security Policy set
- Get the policies validated by the Global Security Community and then approved by the Top Management
Manage Global Security Normative framework
Establish, maintain and supervise the implementation of the necessary processes for
- maintaining and approving the Global Security Policy set
- managing the Global Security Standards
- ensuring the End-to-End compliance and traceability in the Global Security Normative framework (from the Authoritative Sources to the operational implementation)
- managing the non-compliances
Ensure appropriate Statement Of Applicability
Based on a good knowledge of the bank processes, entities, assets, and a personal network within the bank:
- Identify affected assets and processes;
- Attribute implementation responsibility;
- Get implementers' acceptance on the attributed implementation responsibilities;
Perform Legal & Regulatory Watch
- Ensure that all GS related authoritative sources are captured
- Perform gap analysis to ensure that missing elements are integrated when & where relevant
- In collaboration with Legal determine the applicability of the source to the bank
- Maintain an traceable inventory
Education:
- University degree in IT or science or an engineering degree, with a strong IT background or proven equivalent experience/skills in the area.
- Languages Requirement
- French Good speaking and writing, or
- Dutch Good speaking and writing, and
- English Fluent speaking and writing
Required knowledge/Experience
- 3-5 years of experience in information security, in IT process management,
- Good understanding of IT security technology and processes (secure networking, web infrastructure, Wintel, UNIX, Mainframe, ATM, etc.);
- Certifications in ISO27k Information Systems Security Professional CISSP, CISA;
- 2-5 years' experience in developing and maintaining policies and/or processes (preferably in IT area.
- Experienced with regulatory requirements, ISO/IEC standards (eg: 27001 Information Security Management Standard)
- Tools: advanced knowledge and use of Office suite, relevant, Group tools, SharePoint, Coordination of/collaboration with externals resources
- ready to travel on ad hoc basis.
- Certified ISO27001 Lead Implementer
- Experience in designing and implementing controls
- Knowledge of GRC Tools such as RSA Archer eGRC Suite;
- Project Management/coordination skills (Ability to run projects averaging days mostly intra-team).
Business Experience - 2-5 years' experience in IT, Information Security environments
- Capability to quickly understand end-to-end process flows and control needs.
- Experience in creating memos to the attention of senior management level.
Preferable - Preference will be given to candidate that have a good knowledge/practical experience of different bank entities/processes if possible
- Strong and proven Communication, Listening and Convincing skills with a customer oriented mind-set.
- Ability to work in a dynamic and multi-cultural environment with a strong team spirit; Quick self-starter, pro-active attitude
- Accuracy and clarity in writing skills
- Flexible and open to change and innovation
- Good analytical and synthesis skills
- Autonomy, commitment and perseverance
- Ability to manage time and priorities efficiently and to work under stress;
- Results oriented;