As a global critical financial infrastructure, the protection of the bank information and assets is fundamental to the company's business. Security is at the core of our services, firmly Embedded in the management systems and processes of the company. You will be joining our Group Security & Business Resilience (GSBR) in charge of putting in place the required controls to adequately and effectively protect our information assets.
- You will join Security Assurance & Testing team who manage and coordinate:
- Testing of critical security controls
- Relationship with regulators,
- Cyber dashboard & Reporting
- Security governance structures (Group Security Committee, Service Dialogues...)
- Penetration testing
- Red team Exercises
- Entity-based stakeholders (CTOs, BISO) The main responsibilities for the candidate are:
- Plan & coordinate penetration tests with external provider
- Analyze penetration test reports and produce digests/synopsis
- Present & discuss the outcome of the Pen Test results to all relevant stakeholders
- Ensure the timely and effective remediation of security weaknesses and defects revealed in penetration testing activities
- Maintain an operational dashboard of applications/infrastructure/other assets requiring the testing, based upon schedules/frequencies
- Define, produce and publish compliance reporting
Skills and experience required
- be a team player who communicates in an open, respectful and constructive way with her/his customers and peers, both verbally and in writing. The candidate will take ownership and ensure that organizational quality standards are met.
- be a very good communicator in English, both verbal and written, and able to discuss and defend the security interests with individuals and groups of Senior business people as well as deep technical IT experts.
- proven experience in security risk assessments, development of functional security requirements, process design and management reporting. Experience in security design, architecture and project management is a strong advantage.
- Familiarity with industry best practices in key domains: penetration testing, application/infra/network security, identity and access management, and secure development on all platforms.
- Sound security design principles, based on confidentiality, integrity and availability requirements and other ISO27002 security principles are an asset;
- Application security knowledge with a good understanding of software development and OWASP guidelines
- Sufficient background knowledge with regard to network principles and protocols used in WAN and LAN's, DMZ, Internet security, , network segregation
- Experience with a subset of Unix, Windows System, tandem, Mainframe security and assurance
Preferred professional certifications are CISSP, GIAC, CISM, CISA, ISO 27001 LA/LI.
- Reference: NK385
- Location: Brussels
- Rate: 600-625 euros per day
- Duration: 9 months
- Start date: ASAP