Description
A Technical Security Framework based on a risk approach has been deployed for more than 90 entities. This Framework implies a common security level for all entities before using shared services. A project team has been deployed to roll out all entities and follow their compliancy level.
We are sourcing 1x Technical Information Security Risk & Control specialist to support entities in following their remediation action plans based on the Technical Security Baseline.
Main tasks
- Follow up entities
  - Track progress (compliancy level) on the Technical Security requirements
  - Communicate status and progress (i.e. with RCISO)
  - Manage recurrent meetings with entities to exchange on progress (including action plan progress)
- Technical support
  - Support entities on their remediation action plan (to be validated by the Regional CISO)
- Monitor action plan
  - Collect and analyse remediation action plan
  - Track progress on remediation action plan
  - Challenge content of remediation action plan
  - Share best practice within entities
Skills required
- Ability to function effectively in a complex and international environment
- Service Provider will have to address a Senior audience (C-level executives)
- It is necessary to have technical skills to understand Technical remediation action plan
- Proficient risk assessment, interpretation and analytical skills
- Strong facilitation, negotiation and conflict resolution skills
- Fluency in English is mandatory: strong oral and written communication
- The overall experience of the Service Provider shall be of at least 5 years (Confirmed/senior)
- Experience in technical Information Security solution design and conducting technical risk assessments
- Experience in ISO 2700x is an advantage
Expected deliverables
Interviews with stakeholders should be organized and performed to support entities, review remediation action plans and share progress status.
- Follow up entities
  - Dashboard & KPIs (report)
  - Follow up meeting
- Technical support
  - Follow up meeting
- Monitor action plan
  - Dashboard & KPIs (report)
  - Follow up meeting (report)
  - Communication to entities