Description
Security Policies and Standards Specialist (ISO 2700x) with Technical Background
Role:
As an Policy and normative framework Coordinator you will carry the following responsibilities:
Maintain Information Security Policy:
- Keep the Information Security Policy set in line with the authoritative sources (laws, regulations, contractual obligations and Group requirements)
- Capture and analyse the feedbacks from the field (1st line implementers, Risk Assessors) in order to improve the Global Security Policy set
- Ensure that the policy requirements are clear and non-ambiguous
- Ensure and consolidate the efficiency and effectiveness of the Global Security Policy set
- Get the policies validated by the Global Security Community and then approved by the Top Management
Manage Global Security Normative framework:
Establish, maintain and supervise the implementation of the necessary processes for:
- maintaining and approving the Global Security Policy set
- managing the Global Security Standards
- ensuring the End-to-End compliance and traceability in the Global Security Normative framework (from the Authoritative Sources to the operational implementation)
- managing the non-compliances
Ensure appropriate Statement Of Applicability
Based on a good knowledge of the bank processes, entities, assets, and a personal network within the bank:
- Identify affected assets and processes;
- Attribute implementation responsibility;
- Get implementers' acceptance on the attributed implementation responsibilities;
Perform Legal & Regulatory Watch
- Ensure that all GS related authoritative sources are captured
- Perform gap analysis to ensure that missing elements are integrated when & where relevant
- In collaboration with Legal determine the applicability of the source to the bank
- Maintain an traceable inventory
Education:
- University degree in IT or science or an engineering degree, with a strong IT background or proven equivalent experience/skills in the area.
Languages:
English: Fluent
French and/or Dutch: Asset
Required knowledge/Experience:
- 3-5 years of experience in information security, in IT process management,
- Good understanding of IT security technology and processes (secure networking, web infrastructure, Wintel, UNIX, Mainframe, ATM, etc.);
- Certifications in ISO27k Information Systems Security Professional CISSP, CISA;
- 2-5 years' experience in developing and maintaining policies and/or processes (preferably in IT area).
- Experienced with regulatory requirements, ISO/IEC standards (eg: 27001 Information Security Management Standard)
- Tools: advanced knowledge and use of Office suite, relevant, Group tools, SharePoint,
- Coordination of/collaboration with externals resources
- Working experience with colleagues of BNPP Group ( Paris ) & ready to travel on ad hoc basis
- Certified ISO27001 Lead Implementer
- Experience in designing and implementing controls
- Knowledge of GRC Tools such as RSA Archer eGRC Suite;
- Project Management/coordination skills (Ability to run projects averaging days mostly intra-team).
- 2-5 years' experience in IT, Information Security environments
- Capability to quickly understand end-to-end process flows and control needs.
- Experience in creating memos to the attention of senior management level.
- Preference will be given to candidate that have a good knowledge/practical experience of different bank entities/processes if possible
Soft skills:
- Strong and proven Communication, Listening and Convincing skills with a customer oriented mind-set.
- Ability to work in a dynamic and multi-cultural environment with a strong team spirit;
- Quick self-starter, pro-active attitude
- Accuracy and clarity in writing skills
- Flexible and open to change and innovation
- Good analytical and synthesis skills
- Autonomy, commitment and perseverance
- Ability to manage time and priorities efficiently and to work under stress;
- Results oriented;