Description
We are looking for 1x "IT Security Governance Specialist" to start a 9 months contract (initial, extensions likely) consultancy for an internat.Org'-client in Rome.
Our client is an international organisation and a great reference in any CV! English speaking environment.
JOB DESCRIPTION
Position Title: IT Security Governance Specialist
Duty station: Rome
Tentative Contract dates: May 2nd September work days with possibility of extension based on performance and budget availability)
Organizational context
Our Client has formally recognised cybersecurity as one of the top organisational risks. A team has been established (''IT Operational Security & Resiliency Taskforce'') to coordinate technical IT security augmentation and mitigation actions.
The IT Security program is composed of a set of diverse tasks and mini-projects aimed at improving IT processes and infrastructure, with a specific target of improving our Client IT Security posture.
Duties and responsibilities
The position reports to the Operational IT Security & Resiliency - Task Force Coordinator within the overall governance of the ICT Division. The position is highly visible and requires extensive communication and interaction with the Task Force Coordinator, our Client IT functional and technical leads and key stakeholders as well as an excellent understanding of IT systems. The IT Security Governance Specialist is responsible for:
The definition and implementation of an IT Change management process following ITIL best practices, which:
- Formalize a system-wide Change Management policy and procedures, covering key IT systems by specifying necessary process flows and defining appropriate roles and responsibilities.
- Implement the process and practices in the Infrastructure and Agile development domain: implementation should be at the People (training, communication), Process (definition) and Technology level (tool to support the process).
- The proposed process must be commensurate with our Client ICT size and risk appetite.
The definition of an Information Classification policy, the inventory and classification exercise that includes:
- Delivery of the Information Security Classification program which incorporates the steps required for assessing with stakeholders and business owners the corporate security classification of all information assets according to the Confidentiality Integrity and Availability principles.
- The following phases (or similar) are expected:
- Define the framework and necessary policy (new of modification of existing ones)
- Discover and classify the data through interactions with Business IT Users and stakeholders
- Implementation an information inventory with associated classification
- The data classification framework should be coherently implemented throughout the current IT governance framework.
The definition of a Segregation of Duties (SoD) Matrix covering internal ICT technical roles, which should include the following:
- Analyze and document a lightweight Segregation of Duties Matrix to determine conflicting roles and allow implementing necessary compensating controls if they are performed by the same person.
- The area of ICT to be covered are Infrastructure and Application development.
As needed: the design and review of IT Governance Policies and procedures related to internal IT processes such as: Access Control, Business Continuity, Incident response.
Other
- Perform other tasks required for the delivery of the IT Security programme and as determined by the Operational IT Security & Resiliency - Task Force Coordinator.
Required qualifications and experience
- A university degree in ICT studies, business administration or related fields.
- A minimum of 10 years of experience, 3 of which preferably in IT Governance, IT Risk, IT Audit or IT management consulting.
- Excellent organizational and time management skills.
- Excellent communication skills, both written and oral.
- Writing and editing skills in English.
Desired skills
- Exposure to and experience with application of industry accepted IT governance standards (eg, CObIT, ITIL or similar).
- Experience in designing and implementing IT processes.
- Knowledge of IT solutions supporting Change Management Process and Information Classification.
- IT Security Governance skills.
- International professional experience is desirable.
Required competencies
- Client Orientation - Focuses own and other efforts on understanding and meeting the needs of key clients within and outside our Client; Able to work effectively with clients and/or key stakeholders; Seeks feedback on the quality of service and makes improvements.
- Achieving Results - Ensures own work contributes to achieving our Client results; Regularly reviews progress to ensure work is on target; Prioritizes own and others' work to achieve key results areas.
- Working Together - Develops the team skills of team members; Encourages cooperation within and between teams and promotes the value of diversity in teams, such as in different views, culture, nationality, and gender; Facilitates conflict resolution within the team.
- Learning and Knowledge Sharing - Helps staff to find a variety of ways to learn and develop; Empowers staff to make improvements; Encourages the team to learn from each other.
Languages
- Excellent written and verbal communication skills in English are essential.
Award/Others
- The applicants attention is drawn to the important role that the curriculum vitae plays in the evaluation. Curriculum vitae shall illustrate the specific skills relevant to this request.
- We would like to receive CVs of suitable candidates together with pricing quotations, based on a daily net rate including travel costs for the services described.
- Place of Work: 100% on-site in Rome.
Provider
infom consulting is an owner-managed business and consulting firm in Germany. The company supports large corporations and larger SMEs across Europe. Our IT experts are realising projects for the European Institutions, United Nations agencies, International Organisations and multinational companies across the EU.