Description
For our end client in The Hague we are looking for a candidate to provide information security skills that will enhance the team's ability to fulfil both its regular and additional goals and objectives.
Start:
End: , option to extend
Hourly rate: 60/h
What you will do:
Assisting with the information security review of automation projects and providing information security related advice to the staff managing and working on those projects.
Understand the challenges and threats facing the business and translate this understanding into sound security requirements for new and existing IT Infrastructure that effectively mitigate identified risks whilst allowing the business to continue to operate effectively.
Complete technical risk assessments as necessary.
Identify system vulnerabilities as necessary and complete or propose work to test the security of a system using specialists in penetration testing.
Collaborate with the architecture team with translating the security requirements into a security architecture.
Monitoring and advising on information security issues related to the systems and processes to ensure that the security controls effectively mitigate risk and operating as intended.
Assisting with the establishment of all elements of the ISMS including continuing development and documentation of information security policies, procedures, standards and guidelines based on knowledge of best practices and compliance requirements.
Collaboration with IT management, the legal department and the operational IT and physical security groups to support security management implementation and enforcement while representing the security team in a positive light, ensuring that it is seen as a business enabler.
Assisting with responses to information security incidents and vulnerabilities.
Qualifications, skills and experience required
Required/Expected - 7 years+ of progressive experience in IT Infrastructure and information security, including experience broad experience in securing Internet technologies.
Highly Desirable - Demonstrable broad knowledge and hands-on experience of infrastructure technologies through the entire infrastructure stack, including: network, virtualisation, SAN, server OS (Windows and UNIX) and common business technologies (for example, SQL Server, SharePoint). Technical knowledge of and experience working with computer systems and the application of security to those systems.
Highly Desirable - Knowledge and practical experience of security risk assessment following ISO 27005 and/or eSABSA standards and methods.
Highly Desirable - Knowledge of information security standards, in particular ISO 27001 & 2, rules and regulations related to information security and data confidentiality and desktop, server, application, database, network security principles for risk identification and analysis.
Required - Strong analytical and problem solving skills.
Required - Ability to communicate (oral, written, presentation) in English, interpersonal and consultative skills.
Highly desirable - Experience should include security policy development, security education, risk analysis and compliance testing.
Highly desirable - Experience in large, international organizations.
Highly desirable - Experience with application security.
Highly desirable: CISSP, GIAC, or other security certifications and/or membership of a professional institution representing security professionals.
Desirable: System penetration testing, application vulnerability assessments.
Desirable: Security Incident Management, including incident analysis.
Desirable: SABSA, TOGAF, experience and/or certification.
Technical knowledge and expertise
Very good knowledge and experience of many of the following technologies is highly desirable.
o Firewalls
o IDPS
o VPN technologies, including SSL.
o Web Access Management
o Malware protection
o Authentication technologies such as Radius, Kerberos, Single-Sign On, Vasco tokens, Federation (SAML, WS-Fed), WebSSO, two factor authentication
o Authorization including RBAC, Rules based authorization
o LAN, WAN and SAN concepts and technical implementations
o Mainframe, Windows, Unix, Linux Operating Systems
o Identity Repositories including LDAP, Active Directory, RACF
o IAM suites including Microsoft FIM 2010, Microsoft ADFS
Is this you? Apply now with your ENGLISH CV and a short motivation!