Responsibilities
Advise and support as a Subject Matter Expert in the field of DevSecOps:
* Participate in the efforts towards developing and improving the service in its growing scope and coverage among the departments;
* Perform analysis, design and implementation of the workflows and organisational processes for the functioning of the Team, the service delivery to the client and the interaction with the related services within or outside the department;
* Analyse the requirements resulting from the IT security policy framework in force and from the IT security threat landscape, taking into account the expectations of the business owners;
* Assessment of the level of the implementation of security processes on the corporate level, contribution to defining associated indicators and dashboards and contribution to reporting;
* Contribution to the initiatives facilitating the adoption and implementation of the processes and methodologies among the stakeholders (presentations, targeted consultancy sessions, case-specific hands-on assistance sessions);
* Contribution to the design, implementation and maintenance of a knowledge management system (KMS);
* Interfacing with IT security stakeholders, monitoring and advice in the implementation of security processes and measures (including the DevSecOps pipelines and associated processes).
* Maintain knowledge management base related to IT security;
* Proactive information sharing on IT security policy, standards and guidelines;
* Dissemination of good IT security practices;
* Explaining and facilitating the application of the methodologies through structured information dissemination, knowledge sharing and support.
* Initiation and follow up of IT security risk assessment and security plans of information systems;
* Advice regarding IT security related issues, including vulnerability management;
* Reporting on a regular basis to the Head of Department regarding IT security, shortfalls identified and ideas for improvement.
* Initiation and promotion of specific IT security related awareness-raising and training programmes;
* Promote Cyber Aware programme and the related educational material.
Qualifications
Master or Bachelor in IT
Required Skills
* Minimum 5 years' experience in Cybersecurity Strategy: define objectives and build roadmaps.
* Minimum 5 years' experience in architecting Cloud, Application or Network solutions.
* Minimum 3 years' experience in risk identification and risk management methodologies, such as ITSRM, ISO 27005.
* Governance, Risk and Compliance (GRC) and tools such as ServiceNow.
* Good knowledge of European cyber regulations, such as GDPR, NIS2, EU Cybersecurity Act, EU Cybersecurity Scheme, etc.
* Good knowledge of frameworks: ISO 27001, ISO 27005, NIST SCF, NIST 800-53, CIS Controls
* Previous experience as Business development manager or product manager.
* Experience in managing risk from a 3rd party service provider, including cloud vendors.
* Strong drafting and communication skills in English both orally and in writing (level C1);
* Self-motivated and autonomous, with ability to manage and follow up on multiple tasks simultaneously;
* Strong analytical skills, ability to approach problems from multiple angles and find creative solutions;
* Ability to produce mature executive summaries and presentations, and to engage with stakeholders at all levels, from operational staff to senior management;
* Proven capacity to analyse complex information, to consider options in a clear and structured way, to propose and implement recommendations and to make sound decisions;
* Ability to work effectively both with team members and with customers;
* Ability to work under pressure and with tight deadlines, to make timely decisions, to reprioritize tasks responding to changes in a rapidly evolving work environment;
* Ability to develop and set up processes and structures across various fields of activities;
* Strong ability to learn and apply new/emerging technologies