Description
Risk Management - Information Security (not purely IT!) /Asset Classification Model, Bank, Brussels
Objective : My client, a successful bank based in Brussels is seeking an Information Security Analyst to revise/upgrade/improve the asset classification model. This will allow the bank to implement a proportionate and effective Information Security control framework. Please note that Information Security is not the same as IT Security!
Tasks:
1. Identify the assets critical to delivery of the bank's business objectives:
critical assets could be:
- people: eg. employees, clients, customers, regulators;
- processes and services: eg. computing and communications services;
- software: eg. application and system software, development tools and utilities;
- physical assets: eg. computers and communications equipment, stocks & bonds;
- currently, the bank seeks proportionate protection of critical assets by preserving their:
- confidentiality - ensuring that unauthorised individuals cannot access critical assets;
- integrity - ensuring that critical assets are not accidentally or deliberately removed, corrupted, damaged or harmed;
- availability - ensuring that critical assets are available when required and will support the bank's operational capability; and
- compliance - ensuring that relevant legal and regulatory requirements are adhered to.
2. Re-evaluate the asset classification criteria to obtain a limited list of critical applications;
3. Develop the end-to-end relation between business service, applications and assets;
4. Propose changes in the service catalogue in order to take other factors into consideration (Internet facing services/applications, outsourced/SaaS services, identification of confidentiality and integrity levels, business revenues, market criticality).
Essential skills :
At least 10 years experience in Information Security Management or Risk Management;
Experience in defining asset classification model and drafting policies;
Good knowledge of international security standards such as COBIT, ITIL, ISO 27000 series;
Capable of reviewing and approving technical design documents;
Practical experience of conducting Risk Assessments;
Good understanding of, and practical experience of applying IS policies, procedures and standards;
Analytical and critical mindset;
Good oral and written communication skills.