Description
IT Security Auditor/Risk Assessor - Brussels (remote possible during COVID)
Languages: ENGLISH only.
Skills and Experience:
- University degree in the field of Information Technology.
- At least 10 years of professional experience in IT Security.
- Knowledge and at least 6 years of experience in the following domains:
- In-depth knowledge of information security (INFOSEC) especially in the field of classified systems, cryptography and security evaluation scheme (Common criteria, ITSEC)
- Experience performing risk analysis using a formal internationally recognised risk assessment methodology like EBIOS, MAGERIT, MEHARI
- Experience in the use and the deployment of certified/approved security component like Firewalls, virtual private network, IP encryptors
- Knowledge of UNIX family Operating Systems (x86 Linux, mainly RHEL)
- Public Key Infrastructure - X509 certificates
- Drafting skills are required in the development of technical documentation
Description of work:
- Objective of the mission:
- The accreditation team of the Unit "Information Security" is in charge of supporting the development teams in the development of the accreditation artefact, recommending appropriate solutions, performing the formal accreditation verification.
Description of Tasks:
- Provide support and recommendations to the development teams and Project Managers of classified CISs in the view of the security accreditation:
- Review of the development/system documentation
- Analysis and elaboration of recommended approach/solution
- Work in cooperation with the development teams.
- Follow-up and run the accreditation process of these CISs in accordance with Regulations:
- Development of the accreditation documentation as defined in Security Notice 2
- Development of risk assessment using formal methodologies
- Regular review of the Approval-To-Operate
- Provide support to the security inspections
- Investigate and elaborate proof-of-concept solution that could be accredited and integrated in classified CISs after their industrailization:
- Integration of existing security approved/certified components
- Prototype test and evaluation
- Preparation of the accreditation
- Preparation of its industrialization via contract
- Development of the relevant documentation (draft reports, meeting minutes) and the review of the documentation provided by the stakeholders.
Please send your CV to Navaid Faiz/Jemel and call to discuss further.
We are an equal opportunities employment agency and welcome applications from all suitably qualified persons regardless of their race, sex, disability, religion/belief, sexual orientation or age.
We champion difference in the world of technology recruitment and work with clients who actively wish to diversify their talent force - ALL applicants welcome to apply