Description
Security Governance Consultant (Security Architect)
English speaking
Job role description:
Our client, who is a telecoms company based in Brussels are looking for a Security Governance Consultant (Security Architect) to assist them ensuring their policy framework is aligned with threat landscape, business transformation, technology capabilities and organisational structure. CISSP, CISM, GIAC, SABSA or similar Information Security certifications is a strong asset.
Telco industry knowledge and experience: The candidate must have multiple project experiences defining reference architectures or solutions within the telecommunications or cloud industry.
Experience:
Requirements:
- Familiar with infrastructure and business architecture
- Applied and integrated a broad variety of security technologies, producing layered, defence-in-depth security architectures.
- Reconcile multiple stakeholder viewpoints, using architectural patterns and trade-off scenarios.
- Applied Information Security industry standards/best practice frameworks (eg SANS 20) in large organisations.
- Maintained a holistic perspective on the security capabilities needed to support or deliver the enterprise's strategic goals and objectives. These capabilities cover a broad variety of security domains: IAM, EPP, application security, etc.
- Acquired skills in general project management, system development life cycle and architecture documentation.
- Applied regulatory and legal requirements related to information Security and Data protection.
- Applied risk management methods and techniques in large risk environments.
Professional Skills:
The candidate actively can identify and prepare amendments to the policy framework. Additionally, the candidate also participates to overseeing the on-going ISMS operations, identify improvements opportunities and subsequently propose amendments to the Security Governance Operating Model.
Requirements and experience:
- Risk management methods
- Architectural requirements definition and management:
- Process modelling incl. state & event modelling, use case modelling, domain modelling, service modelling
- Security tactics & design patterns
- Security Management standards & frameworks:
- ISO 27001
- SANS CSC20
- ISF SoGP 2016
- Security domains and standards:
- Cryptography (incl. Key Life Cycle Management)
- Identity & Access Management
- Vulnerability and Patch Management
- Networking technology
- IT and security infrastructure standards:
- J2EE & Application Servers: WebSphere, WebLogic, JBOSS
- XML (incl. XSLT, SPML, SOAP, XACML, SAML...)
- ESB implementations
- Operating Systems: Windows, Solaris, Linux
- OASIS WS-*