Description
Security Metrics, CISM, ISO 27004, ISO 27001
As part of the permanent and operational security metrics framework, a set of critical security metrics have been defined and require to be executed and continuously improved on a regular basis.
Responsibilities: Define/formalize together with the process and the asset owners the security metrics required to monitor the information security controls and activities relating to them. Coordinate the preparation and the execution of the security metrics across the different business lines. Help with the identification and the follow-up of remediation actions to address bad scores. Perform a risk assessment upon bad scores and propose/follow-up recommendations aiming to mitigate the risks. Write memos on metrics execution outcome and progress of remediation actions to the attention of senior management.
Required skills: At least 3 years' experience in defining and implementing security metrics. More than 5 years in information security business especially. Overall security technical knowledge. Project Management background. Excellent understanding of concepts of security metrics and measurements. Experience in the implementation of ISO 27004 or equivalent. Very good knowledge of the ISO 27001.
Certification: CISM. ISO 27001 is a plus. CRISC is a plus. CISSP (ISC²) is a plus. Languages: English is mandatory. French and/or Dutch is nice-to-have but not mandatory.