The successful candidate will join the Security Architecture & solutions - Application Security team, which is part of the Group Security and Business Resilience division.
The main responsibility of the Group Security and Business Resilience (GSBR) division is to ensure that the technology infrastructure at the bank protects corporate assets from unauthorised access, modification, disclosure and destruction. Security Architecture & solutions is the service owner of the logical security domain and infrastructure through the implementation of security services and infrastructure, risk assessments, requirements setting, and active participation in the project delivery lifecycle, as well as ensuring adequate processes and procedures for the security administration teams.
As part of the application security team, the main responsibilities for the candidate are:
- Define, implement and ensure the proper functioning of security trust services within the PKI & Cryptographic security domain in line with security policies. Ensure the adequate and effective functioning of the bank's PKI and cryptographic security services.
- As PKI policy officer, define, implement and maintain the PKI hierarchy and the certificate policies. Oversee and improve the current certificate lifecycle processes. Ensure adherence to the CA Certificate practice statement. Ensure PKI/CA best practices for special-purpose Certificate authorities, e.g. CA for Mobile device management, MS PKI CA for device client certificates, Cisco CA.
- As cryptographic subject matter expert, define and manage the key management lifecycle processes to ensure adequate cryptographic key protection and use. Use the Venafi product suite to facilitate and operate key management operations. Support the secure implementation of smartcard or HSM-based certificate authentication from a technology and process point of view.
- Define and maintain the cryptographic policies and standards, define the acceptable cryptographic standards, algorithms and key sizes, to adequately protect the bank's information assets.
- Perform risk assessments and define application and infrastructure-related security requirements for business and IT projects. Advise on the high-level security design of new applications and infrastructures to ensure secure operation within the environment.
- Perform security validation to ensure effective implementation of security controls.
- Act as security subject matter expert in the PKI and crypto domain and be the security point of contact for the business, administrator, technical and project teams.
The successful candidate must:
- be a team player who communicates in an open, respectful and constructive way with her/his customers and peers, both verbally and in writing. The candidate will take ownership and ensure that organizational quality standards are met.
- be a very good communicator in English, both verbal and written, and able to discuss and defend the security interests with individuals and groups of senior business people as well as deep technical IT experts.
- have proven experience in security risk assessments, development of functional security requirements, process design and management reporting. Experience in security design, architecture and project management is a strong advantage.
- be a service-oriented, organized and independent security professional with at least 5 years' solid experience in applied cryptography, PKI administration, managing digital certificates, verifying digital certificates and 3rd line support towards IT and business teams for certificate and key generation/operations/processes on target systems or business applications.
- take responsibility for the administration, operation, upgrade and support of the PKI servers, PKI operating systems, Certification Authorities (CA), Registration Authorities (RA), and Hardware Security Modules (HSM) for an enterprise-wide Public Key Infrastructure (PKI) containing multiple CAs with different trust levels.
- be able to implement, operate and maintain PKI operational services (CA, RA, CRL, HSM), both IT and business process oriented.
- ensure alignment with relevant PKI compliance and best practices. Write and maintain PKI policies (CP/CPS).
- have experience in working with X.509 PKI, smartcards, HSMs and common PKI-based protocols, including SSL and TLS. Knowledge of PKI and cryptographic standards, e.g. NIST, FIPS, DoD.
You must be an EU national to apply for this role.
- Reference: Nk355
- Location: Brussels
- Duration: 12 months
- Language: English
- Rate: 600-625 euros per day