Information Security Control Officer

Brussel ‐ Onsite
This project has been archived and is not accepting more applications.

Description

Job Description:

One of our most prestigious clients is looking for an Information Security Control Officer who will:
- 1/ Contribute to defining and implementing an Information Security Internal Control Plan.
- 2/ Define and formalize, together with the process and asset owners, the controls required to monitor the information security solutions (technical and non-technical).
- 3/ Coordinate the execution of the security controls across the different BNPPF entities.
- 4/ Help identify remediation actions to address control defects and follow up on their progress until their closure.

The previous activities will ensure that:

- a) the security control plan is executed as expected.
- b) the security control plan is enriched through the definition and formalization of additional controls.
- c) control gaps identified are addressed through definition and completion of remediation actions.
- d) the remediation actions are subject to effective oversight.

As Information Security Control Officer the candidate will:
- 1/ Contribute to defining, documenting, promoting and implementing an Information Security Control Plan throughout the Organization.
- 2/ Identify control points that can help verify:
   - a) that the organization is adequate to steer the information security activity
   - b) that the security processes are deployed in compliance with the procedures.
- 3/ Define the operating mode of the security controls via the creation and maintenance of Control Reference Cards, which document the objective and scope of the controls as well as the scoring approach and some implementation guidance.
- 4/ For each run of the control plan, consolidate the control results obtained from the different entities. Check the coherence of the control results based on evidence received. Challenge anomalies.
- 5/ For significant control gaps, help the implementation managers with the identification of remediation actions. Ensure that the remediation actions are SMARTLY defined and are assigned to the right owner.
- 6/ Perform a monthly follow-up and report on the progress of the remediation actions. These remediation actions are contained in a central repository which requires proper administration.
- 7/ Write memos on control results and progress of remediation actions to the attention of senior management.

Language:
- English.
- French and/or Dutch is nice-to-have but not mandatory.

Expertise:
- 3 to 5 years' experience in this area.

Certification:

- CISM (ISACA) is mandatory.
- CISSP (ISC²) is a plus.
- Audit background and certification (CISA) not requested.
- PRINCE2 or practical project management experience.
- Practical, not theoretical, knowledge of Information Security control management is required.
- We are looking for a Doer, not only a Thinker.
- Very good knowledge of ISO 27001, ISO 27004 and Security Metrics is required.

Start date: ASAP
Duration: 6 months + extensions (extension possible)
From: Base 3 Systems S.A.
Published at: 28.01.2014
Project ID: 656574
Contract type: Freelance