IT Data Management Analyst

Salt is currently hiring an IT data management analyst, for one of our clients in Brussels. The candidate would need to be onsite once a month for 3/4 days in Brussels.

Roles:

As part of the CISO Data Protection Services you will be focusing on IT Asset & Data Management aiming at setting up the governance and means to ensure effective protection of our Assets (Applications, infrastructure, and Data) to foster our Diamond Strategy and grow our business in line with our risk appetite.

You will act as owner of the governance defining the rules for proper IT Asset Classification (Applications/hardware) in line with the concept of Confidentiality, Integrity, and Availability (CIA).

To succeed you are expected to partnership with other IT teams to define the best approach, have it conceptually defined, effectively tested, and rolled out.

The scope will be extended to IT Technical Data that will inherit the CIA classification from the application to some extent and mainly for unstructured data. This part will require close connection with application owners and capability to analyse large amount of stored data to come with the best way to have them classified.

In addition to your role, you will be collaborating with one of our Senior team member to first take over your role but also support other activities correlated to IT Data Management and help to identify, build and monitor effective inventorisation of our most critical set of data focusing on unstructured one but aligning with the Data Management Office methodology & framework for the structured part.

Your main deliverables are:

• Set-up strong collaboration with IT Teams in charge of implementing the strategy defined and in line with existing policies, standards and procedures.
• In collaboration with Business Relationship Management (BRM) team build a communication campaign towards the various stakeholders of the process focusing on benefits so to ensure right level of awareness is set up within the IT division.
• Provide requirements/guidance for effective monitoring of the CIA & controls coverage, completeness while ensuring gaps are identified.
• Effectively test requirements in line with governance/standard procedures and report/monitor defects and their resolution
• Provide assurance through reporting and communication on the effectiveness of the implementation and ensure all gaps and issues are reported accordingly.
• Ensure regular review of the governance and standard procedure

As part of the Data Management stream:

• Participate to the POC aiming at validating our approach
• Help identifying the location of our asset during the discovery phase
• Help to build and feed the inventory and maintain it overtime where needed
• Document the lineage (upstream and downstream dependencies) for each technical data asset. Coined as “Cartography”.
• Produce a classification standard, based on the lineage, to ensure a consistent classification of the technical data assets.
• Assess the conformity with the mandatory control objectives.
• Initiate (prepare and execute) a plan for the remediation of the gaps.

Additional details:
Governance
Engage with Enterprise Architecture & Security Analysts to integrate key technical data management principles and accordingly to the cartography and classification results. Rationalization of the data storage strategies possibly comes as a collateral benefit.

Inventory

Build and maintain an inventory of the technical data sources and their interdependencies, at the level of “data containers” or “data sources”

As a member of the Data protection Squads- you are expected to:

• Contribute to Data Protection Department Strategy implementation
• Scope together with Program Manager and Project leaders the different initiatives of the department and ensure review and understanding
• Help Project Leaders to lead the different initiatives of the department from a content point of view
• Ensure reporting of the evolution of the Data Protection Control and their compliance to regulation
• Partner with representatives of CISO, IT, Risk and other key business teams to advance data protection initiatives
• Participate to Audits by answering compliance objectives and questions related to data protection
• Partner with representatives of IT and other key business teams to advance data protection initiatives(Data Management Office)

Qualifications – External

A combination of some of the below should be covered:

• ISO2770x Certifications
• GDPR Certification
• ServiceNow (CMDB module)
• IT-security professional with proven experience in Asset & Data classification… (the infrastructure security domain or in the IT application security domain)
• Knowledge of the following products is an asset: Service Now, Collibra, Office 365(Exchange Online, SharePoint Online, OneDrive, Teams) & Lotus-Notes
• Knowledge of market standard control frameworks such as CIS TOP20, NIST 800-53 Rev.5, etc.
• Cybersecurity training and certification such as CISSP, CISA, CISM or equivalent is a plus
• Agile framework (TFS, Kanban…)