Description
Context of the mission
Our client is looking for a Security expert to strengthen their team.
Responsibilities of the Security expert
- Perform a general security risk assessment for new projects or for changes to existing applications, infrastructure components or services.
- To ensure that the new projects (or changes to existing systems and platforms) are compliant with the security policies and any security standards that our client has to comply with.
- Responsible for maintaining control documentation for ISO 27001 certification.
- Research and document the security risks raised by the new technologies introduced into the company in the IT, Telecommunications and Internet landscapes.
- Provide security requirements to be included in RFQ and RFP's based on our client Security NFR's and to evaluate vendor responses.
- Provide support to the end users, upon request, during the implementation of security requirements.
Profile of the Security expert
- University degree in computer science or equivalent combination of education and experience
- ISO 27001 Lead Auditor or Lead Implementer
- 3 to 5 years of hands-on experience as a security architect, a security analyst, or a similar role, dealing with multiple security domains (technologies, applications, services) and activities (concepts, policies, practices, procedures) preferably in a large organization
- Familiar with large and complex IT environments and data communications networks
- Good understanding of various security domains such as: IP network protocols and services, user authentication methods, encryption, voice technologies, wireless technologies, web applications.
- Very good knowledge of the security features offered by, and the security risks encountered in complex ICT environments
- Experience with security risk assessment methodologies is much appreciated
- Ability to understand business products and processes in order to perform related security risk assessment.
- Familiar with relational databases concepts and usage.
- Good understanding of the main security products and tools such as: Firewalls, intrusion detection and prevention, log file aggregators/analyzers, vulnerability assessment.