IT Information Security & Compliance - Technical Role/Netherlands/6 mo

South Holland  ‐ Onsite
This project has been archived and is not accepting more applications.
Browse open projects on our job board.

Description

IRM Security/Information Security/Information Security & Compliance/GRC/IRM/Security & Compliance Information/Cyber Information Security

General Position Definition

The purpose of the IRM (Information Risk Management) Function is to ensure (as a second line of assurance, with Internal Audit providing the Third Line of Assurance) that we are addressing Information Risks in an effective and efficient manner, commensurate with our risk appetite, and being seen as an industry leader among peers and key suppliers of security services.

The Information Risk posture of with us includes a wide variety of potential business impacts, such as HSSE impacts, production loss, financial and maintenance operations loss, loss of Most Confidential bidding data. Each of these Information Risks has a potential impact of $1bln+.

The IRM Function defines requirements for the assessment of Information Risks, defines the selection of mandated IT Controls, and defines and executes assessments of the design and operational effectiveness of these controls. The function organises communication campaigns to impact the behaviour of business and IT staff where it relates to Information Risks.

In addition to these preventative measures, the IRM Function includes a Cyber Resilience function to understand the cyber threat landscape and the vulnerabilities to cyberattacks in IT systems and services, to detect malicious behaviour and to respond to incidents.

Organisationally, the IRM Function reports to the Group CIO. The IRM Function consists of a central team with the Strategy, Learning, Risk and Transformation teams. The IRM Function in the IT Operations Organisation (ITSO) consists of the Detect and Respond Teams and there are business specific teams in each Business and in Global Functions IT.

Given the Cyber threat landscape and its development, it is critical that the IRM Function collaborates closely with suppliers and industry peers and collaborates effectively with government agencies in key countries that we operate in.

Position description - Purpose

The purpose of this position is to:

  • Ensure Business Teams are aware of the risks in terms of Confidentiality, Integrity, Availability, Legal & Regulatory and help them make risk aware decisions.
  • Ensure appropriate and sufficient security controls are in place and tested to maintain a secure posture in the organization.
  • Ensure projects originating from any global location is risk assessed and reviewed for information security
  • Position description - Accountabilities

    Accountabilities

    • Act as an Information Risk and Compliance Advisor
    • Understand Technology Landscape (Application and Infrastructure) and proactively review our information security and related risks wrt threats and vulnerabilities, legal and regulatory compliance
    • Facilitate smooth conduct of Risk Assessment (including Legal & Regulatory) on Applications, Network& Systems
    • Perform end to end Security Assessment on vendor offerings - New/Leveraging existing (SAAS/PAAS/IAAS) services including integration with our environment.
    • Translate Technical, legal and Regulatory Compliance obligations into a cohesive collection of Security Controls and provides the respective stakeholders with the IRM requirements and its implementation methodologies. Collaborate with Controls Testing Team and ensure all the controls outlined for an application/Infrastructure are designed effectively.
    • Coordinate in conducting VAPT (Vulnerability Assessment and Penetration Test), Review VA-PT results and recommend the risks to be remediated.
    • Work with Project Managers, Business Analysts, Architecture and Support Team to ensure that our IRM standards are being
    • Ensure all the risks are documented, classified and addressed with appropriate action as per the IRM standards.
    • Active participation in driving education and awareness of Information security related issues and risks to Business/Business IT Teams,
    • Support in development of tooling to support IRM processes and ensuring this is fit for purpose.
    • Actively participate in reviewing and improving the Information Security Controls implemented in the organization.
    • Active participation in the Assurance and Architecture level discussions in the engagements.
    • Actively participate in IRM team and community meetings, representing IRM and Business interests in applying setting standards and policies for the Group and the businesses, leading to a fit for purpose, evergreen IRM framework.
    • Support during Internal/External Audit
    • Ensure that IRM continues to focus on risks significant to the Business, with emphasis on innovation.

    Position description - Dimensions

    Dimensions

    • An Individual Contributor, part of the Global IRM team
    • Face of the IRM; Interfaces with Project Delivery staff/Business/Business IT teams

    Position description - Special Challenges

    Special Challenges

    A special challenge will be to stay on top of the many engagements while at the same time having a deep understanding of Information security.

    Communication and Stakeholder Management skills are essential for this role, being able to cut through complex IT issues and explaining those in easy Business language.

    Experience and Qualifications required

    • Good understanding of, and experience with Information Risk Management, IT Security and Compliance and Security Controls and Audit
    • Advanced understanding of internal and external IT security standards, SOX, PCI, SOC2/1, ISO27001 standards and relevant legal compliance aspects.
    • Robust understanding of, and solid experiences with the impact of Security on application development and operations as well as the IT Infrastructure.
    • Ability to promote high performance teams, working with inclusiveness and cultural diversity, across organizational boundaries.
    • Good understanding of cloud security requirements and third-party control assurance.
    • Ability to interface with different groups (Third parties, Business and IT) internal and external to IT (security) and to network globally across Group businesses, as well as with external groups.
    • Technical knowledge & relevant experience in security domains/technologies related to:
    • Infrastructure/Network security
    • Identity and Access Management
    • Business Impact Assessment
    • Application security
    • Data Leakage Prevention
    • End-Point Protection
    • Web filtering technologies, Proxies and Firewalls.
    • Vulnerability Assessment/Penetration Testing
    • Cloud security
    • Knowledge of Data Security Standards: PCI DSS, Privacy Principles
    • Driving Platform/Application security and compliance
    • Ability to foresee and identify mitigation strategies for RisksCandidate must also:

    • Display excellent communicating and influencing skills
    • Display analytical and problem solving skills
    • Be pro-active and self-motivated
    • Display strong interpersonal and negotiating skills with all levels of staff
    • Display Ability and eagerness to quickly learn new technologies.  

    Qualifications

    • A qualification one of the following:- in CISSP, CISA, CRISC or CISM

    Experience

    • Must have previous experience in an (Information) Risk and Control Advisory role

    IRM Security/Information Security/Information Security & Compliance/GRC/IRM/Security & Compliance Information/Cyber Information Security

    Start date
    n.a
    Duration
    6 months Rolling
    From
    iBSC
    Published at
    20.06.2018
    Project ID:
    1578328
    Contract type
    Freelance
    To apply to this project you must log in.
    Register