Senior IT Security Analyst

Job’s objectives

·         Implement Group Cyber Security objectives to control IT & Cyber Security risks

·         Supports projects, initiatives, including Security Evaluation

·         Ensures that Risk Acceptance Forms are current and participate in Risk Review

·         Performs Security Assessments, confirming adequacy of Security Measures. Confirms that adequate measures are in place via regular reviews

·         Monitors existing environment for Threats. Performs ad-hoc reviews when needed

·         Acts as escalation Point for Security Issues

·         Creates Security procedures in such a way that all repeatable tasks are documented and appropriate tasks are handed by Security Analyst.

Description of job roles (tasks / duties)

Security

·       Apply ITRM Group framework and supporting processes for the IT Governance, Compliance, Continuity & Security domains

·       Provide technical guidance for security activities within CET, in accordance with Group requirements, Best practices and Industry standards

·       Support initiatives that require Security assessment & execution

IT Risk & Cyber Management framework

·       Apply IT Risk framework as per policy ITG0051 for IT Security, IT Continuity, IT Compliance & IT Governance

·       Alignment of practices (i.e. risk evaluation criteria and thresholds, risk matrices/heatmaps) across all risk domains in accordance with Group practices

·       Implement IT risk management as per ITG0051, focusing Information Security, Compliance & Continuity

·       Inspect risk scenarios to estimate the likelihood and impact of significant events to the organization. Participate in assesment of assets & applications

·       Reviews developments on Risk Acceptance Form Action plan and ensures progress is validated from a technical perspective, on a regular basis

·       Support the IT risk awareness program and advocate Group best practices

·       Review risk response plans ensuring that risk factors and events are addressed – from a technical perspective in competency domain

Cyber Security Incident Management

·       Subject Matter Expert for Cybersecurity Incident Response plan. Technical leader of the local CSIRT team, acts as escalation point. Ensures Incident Management plan is operational and covers all defined scenarios. Tests readiness and performs Red Team exercises.

·       Leads CSIRT team from a technical perspective.

IT Risk Monitoring

·       Monitor and report deviations to the IT Risk framework

·       Consult on risk and inform relevant stakeholders of noted deviations. This includes the technical review of response plans.

·       Support independent (external, Inspection Generale) risk and process reviews.

·       Support risk & compliance, initiate corrective actions.

IT Control Definition

·       Identify opportunities for local controls. Conduct risk analysis and validate with manager. Implement validated controls.

·       Support process maturity increase & automate repeatable processes

·       Identify control deficiencies and maturity gaps. Ensure that deficiencies are remediated and the solution is validated

Competencies

·         Communication and negotiation skills

·         Analysis and synthesis capability

·         Correlation capacity between events

·         Distributive attention

·         Results and customer oriented

·         Team spirit

·         Self-organizing capacity

·         Punctuality in carrying out tasks

·         Independent working capacity

·         Initiative