A. Responsibilities:
Ensuring applicability of operational security in Run & Change activities
You configure and maintain security solutions in operational condition while performing IT operational technical security actions (vulnerability analysis & resolution, patching management, alert management, security incidents, technical access management, etc.). You check compliance with and observance of security standards and apply/deploy new operational security solutions.
You implement the security measures formalised/observed in projects by the GSO, contribute to the reflexion around the optimised security architecture and submit the implementation for the security assessment phase occurring before the official testing phase of the project.
You propose areas for IT security improvement and implement good security practices.
You implement & coordinate the closure of the recommendations that result from the penetration/intrusion tests.
You act as the Single Point of Contact on behalf of the IT Dept towards the local GSO as well as the Security representatives of the Head office by applying the security guidelines provided by them in the operations, projects & proof of concepts. This imply that on the field you will liase with the IT Production, architecture, development, IT risk, DPO and DQA teams to ensure that the security rules are well respected according to needs while acting as a facilitator for those collaborators with the aim of favorising automation
Together with the local GSO, you contribute to the formalization an appropriate BENE procedural framework to govern IT security operational processes
You configure and ensure operational maintenance of security solutions, execute operational security actions, ensure data are well protected
You lead technical IT security incidents resolution on the field, notably by continuously monitoring security solutions, analysing the logs, liasing with external parties( when involved) and have periodical reportings towards the local GSO.
You ensure the follow up in the execution of the obsolescence Mgt plans & IT continuity plans of assets by managing upgrades to the correct versions in compliance with the consistency & continuity of application assets.
You report and implement security remediation plans in relation with the IT risks with the collaboration of the IT Risk Officer.
You analyse and correct anomalies leading to IT security flaws reported by users
You act as the contact point for IT suppliers in order to follow up the execution of the implementation at their side on our behalf as well as assess the deliverables related to IT security aspects of the solutions / products.
You check with the collaboration of the Infrastructure team the compliance of technical / telecom/ application flows and issue alerts in the event of non-IT security compliance with norms and standards.
You setup, adjust & monitor operational IT security indicators/KPIs and action plans in order to remedy to non-compliant features, in collaboration with the IT Production, GSO & CISO teams.
Deliverables:
v Respect of compliance of the IT security architecture plan
v Assessment and remediation plans of IT security audits & reports results
v Assessment and remediation plans of IT security recommendations within projects
v Security monitoring reports & action plan of systems
v Security Problem/Incident Management reports & remediation plans
v Assessment and remediation plans of IT security risks
v Vulnerabilities & obsolescence reports & remediation plans via security patching follow ups & upgrades
v Enrichment of IAM via extracts of source applications to facilitate Access rights Mgt reviews
v Maintenance of inventories in relation with IT security related assets
v Apply remediation plans in relation with IT security related assets
v Operational security KPI reports & follow up of formalisation
v Assurance security plan elaboration & assessment reports for outsourced activities
v Formalisation of the procedural framework
Continuous improvement initiative
Your participation in proposing and, where appropriate, carrying out actions to apply security measures within applications while automating tasks in view to optimise the solution and act as a facilitor to the stakeholders is of key essence. Contributing to the elaboration of data & APIs while ensuring their protection by adopting an orchestrated/structured approach is valuable. Your capacity to collect & analyze data to manage and improving the security performance of solutions via a technical or process angle would be of added value.
We expect you to be open to new solutions and prospects for developing the technologies, tools and methodologies used.
Deliverables:
v Log analysis reports
v Technical document updates
v Optimising costs
I. Profile :
Education, experience and skills
v Bachelor degree in computer engineering/ cyber security engineering
v At least 6 years of experience in the IT security domain
v At least 6 years of experience with IT network engineering, IT Risk and Cybersecurity
v Excellent written and oral communication skills in English (must) and Dutch/French (desired);
v Certification: ISO27001, ITIL
Tools – methodologies – technologies
Ø Identity Access Management (IAM) solutions
- Priviledged Access Management (PAM)
- Single Sign One (SSO)
- IAM workflows management, recertification, training exercises, reconciliation
- ‘Non-standard’ rights management
Ø Data Protection solutions
Ø Logs collection solutions
Ø Forensic, SIEM, antimalware and EDR solutions
Ø Cryptology solutions
Ø Network security and firewall administration
Ø Vulnerability management solutions
Competences
Ø Analytical ability
Ø Ability to Deliver / Results Driven
Ø Ability to collaborate / Teamwork
Ø Attention to Detail / Rigour
Ø Creativity & Innovation / Problem Solving
Ø Ability to anticipate business / strategic evolution