Description
Position: Security Governance Consultant
Job role description:
As a member of the Security Governance department, the Security Governance Consultant assists the team on making sure the policy framework is aligned with threat landscape, business transformation, technology capabilities and organisational structure.
Experience:
Requirements:
Is familiar with infrastructure and business architecture
Applied and integrated a broad variety of security technologies, producing layered, defence-in-depth security architectures.
Reconcile multiple stakeholder viewpoints, using architectural patterns and trade-off scenarios.
Applied Information Security industry standards/best practice frameworks (eg SANS 20) in large organisations.
Maintained a holistic perspective on the security capabilities needed to support or deliver the enterprise's strategic goals and objectives. These capabilities cover a broad variety of security domains: IAM, EPP, application security, etc.
Acquired skills in general project management, system development life cycle and architecture documentation.
Applied regulatory and legal requirements related to information Security and Data protection.
Applied risk management methods and techniques in large risk environments.
Credentials:
CISSP, CISM, GIAC, SABSA or similar Information Security certifications is a strong asset.
Soft Skills:
Requirements:
You are a doer and you can focus and deliver fast on different level of content.
Ability to write in simple terms and short sentences formal processes such as control procedure or security requirements.
Proven team player with excellent communication, presentation and negotiations skills, and the ability to interface will all levels of the enterprise.
Excellent analytical, conceptual, and problem-solving abilities.
Ability to keep pace with emerging technologies and trends, standards and products as required. Learns fast.
Ability to effectively prioritize and execute tasks in a high-pressure environment.
Proven leadership skills combined with a strong drive and orientation for results, ability to motivate self and others, and lead others towards a common goal.
High integrity, work ethics and commitment.
Strong decision making skills.
Excellent influencing and facilitation skills, particularly in problem solving/troubleshooting activities.
Professional Skills:
The candidate actively can identify and prepare amendments to the policy framework. Additionally, the candidate also participates to overseeing the on-going ISMS operations, identify improvements opportunities and subsequently propose amendments to the Security Governance Operating Model.
Requirements:
Risk management methods:
ISF IRAMv2
FAIR
OCTAVE
Architectural requirements definition and management:
Process modelling incl. state & event modelling, use case modelling, domain modelling, service modelling
Security tactics & design patterns: Tactics & patterns for confidentiality, integrity, availability, accountability, non-repudiation
Security Management standards & frameworks:
ISO 27001
SANS CSC20
ISF SoGP 2016
Security domains and standards:
Cryptography (incl. Key Life Cycle Management)
Public Key Infrastructure
Identity & Access Management
Vulnerability and Patch Management
Security in the Software Development Life Cycle
Resiliency, Disaster Recovery Planning, Business Continuity Planning
Application Security
Database Security
Web Services Security (OASIS standards)
Networking technology:
Routing & switching standards
VPN (IPSec, MPLS) standards
Etc.
IT and security infrastructure standards:
J2EE & Application Servers: WebSphere, WebLogic, JBOSS
XML (incl. XSLT, SPML, SOAP, XACML, SAML...)
ESB implementations
Directory technologies (LDAP) - Active Directory, Tivoli Directory Services
AAA: Kerberos, Tivoli Access Manager, WebSEAL, Juniper, Checkpoint...
Databases: Oracle, SQL, JDBC
Operating Systems: Windows, Solaris, Linux
OASIS WS-*
Telco industry knowledge and experience:
The candidate must have multiple project experiences defining reference architectures or solutions within the telecommunications or cloud industry.
Languages:
Fluency in English language in addition to your mother language both verbal and written, with the ability to communicate clearly