Data Security Protection Analyst (CIS Top20, ISO 27001/27002, NIST 800-53 Rev.5) – Banking Client – Brussels
Rate: €700 – €900 per day
Duration: 1 year freelance contractor + remote working
My client is a global critical financial market infrastructure (FMI) company. Cyber-Security is at the core of the company’s services, firmly embedded in their management systems and processes.
The Data Protection Governance team is part of the Cyber Information Security Office Division and is in charge of the set-up and the monitoring of a data protection control framework based on the CIS Top20 plus a couple of other regulations applicable to trusted FMI’s.
This is a security analysts role where you will define, require and monitor the applicable cyber-security controls to protect different data sources according to data attributes such as the classification, criticality, nature of the data and the storage as well as the location (on-premise or in the cloud).
In the Data Protection Governance Team, we are expected to:
Design the cyber-security data protection controls for detection and prevention such as Data Leakage Prevention, Encryption (data at rest, in motion, in use), Signing, Digital Right Management, Backup/Restore & Archiving, Data Access Governance, Data anonymisation,
Require the implementation of these controls to the data owners with the control objectives to meet
Assess a security risk in data protection from both a conceptual and a technical level
Monitor the implementation of these controls to the data sources
Collect the evidences of the control efficiency
Communicate the evidences upon request from the internal or external Audit, the regulators or for the yearly ISAE3402 exercise
In these context the collaboration is crucial with the different teams involved in security risk management
Partner with representatives of Cyber-Security, IT, Risk, Audit and other key business teams to advance data protection initiatives.
Develop a high-level of trust with stakeholders to ensure on-going commitment.
Foster a team environment, open to communication and collaboration.
Qualifications, Skills and experience:
A combination of several of the below should be covered:
IT-security professional with solid experience in the infrastructure security domain, in the IT application security domain or in the data security domain.
Extensive knowledge of market standard control framework like the CIS TOP20, NIST 800-53 Rev.5, ISO 27001/27002, SWIFT CSCF, FISR (aka FML), …
Knowledge of Data Protection controls such as encryption (DAR, DIM, DIU), data hashing, data signing, data anonymisation, DRM, DLP, CASB, data access governance, etc.
Experience in IT Risk Assessment, Control efficiency check-up and risk management
Understand the difference between an inherent risk, a residual risk and an inefficient control; risk addressing and risk mitigation
Experience with SQL, data modelling and technical documentation
Cybersecurity training and certification in CISSP, CISA, SSCP, GSEC, SANS or equivalent is a plus.
Able to solve complex problems
Creative and sees the bigger picture when addressing issues
Team player, hierarchy respectful
Works proactively, thereby keeping possible problems from affecting the overall functioning of the team and make sure the team is successful to deliver the solution
Proficient oral and written communications skills in English, sharing strategy and vision with both peers and management.
Drive and energy, entrepreneurial attitude, hands-on mentality
Salary:€700 - €900 per day
Job Duration:1 year contract
Job Start Date:ASAP
Job Skills:CIS Top20, Data Protection, ISO 27001/27002, NIST 800-53 Rev.5, Security