Cyber Security Analyst

Description

Cyber Security Analyst

The successful candidate will join the Group Cyber Security - Security Projects and Services team which is part of the Corporate Technology division. The main responsibility for the Group Cyber Security (CSM) team is to ensure that the technology infrastructure protects corporate assets from unauthorised access, modification, disclosure and destruction. CSM SPS is the service owner of the logical security domain and infrastructure through the implementation of security services and infrastructure, risk assessments, requirements setting, and active participation in the project delivery life cycle, as well as ensuring adequate processes and procedures for the security administration teams.
As part of the CSM SPS team, the main responsibilities for the candidate are:

• Perform or coordinate the security validation to ensure effective implementation of security controls in project development life cycle
• Ensure the timely and effective remediation of security weaknesses and defects revealed in security validation during PLC
• Assist in coaching of application security controls with the SME and act as the security point of contact for the business and project teams
• Assist with SME for the integration of application security in projects eg authentication and authorisation, non-repudiation, cryptographic controls, data protection
• Produce documented security services, technical standards or principles.
• The successful candidate must be a service oriented, organised and independent security professional with some experience in the security domain or in the IT application security architecture.

Profile:

Skills and experience required from the candidate:

• be a team player who communicates in an open, respectful and constructive way with her/his customers and peers, both verbally and in writing. The candidate will take ownership and ensure that organizational quality standards are met.
• be a very good communicator in English, both verbal and written, and able to discuss and defend the security interests with individuals and groups of senior business people as well as deep technical IT experts.
• proven experience in security risk assessments, development of functional security requirements, process design and management reporting. Experience in security design, architecture and project management is a strong advantage.
• Familiarity with industry best practices in key domains: risk assessment, application security, identity and access management, and secure development on all platforms.
• Sound security design principles, based on confidentiality, integrity and availability requirements and other ISO27002 security principles are an asset;
• Application security knowledge with a good understanding of software development and OWASP guidelines
• Knowledge of and experience with security technologies including IDAAS and identity management platforms, PKI and cryptographic solutions, web application Firewalls, automated code review tools, secure management access, virtualization, XaaS solutions
• Sufficient background knowledge with regard to network principles and protocols used in WAN and LAN's, DMZ, Internet security, network segregation
• Experience with a subset of Unix, Windows System, Tandem, Mainframe security and assurance
• Preferred professional certifications are CISSP, CISM, CISA, ISO 27001 LA/LI.