This is a security analyst's role in which you will define, require and monitor the applicable cyber-security controls to protect different data sources according to data attributes such as the classification, criticality and nature of the data, as well as where it is stored (on-premise or in the cloud).
- Design the cyber-security data protection controls for detection and prevention, such as Data Leakage Prevention, Encryption (data at rest, in motion, in use), Signing, Digital Rights Management, Backup/Restore & Archiving, Data Access Governance and Data anonymisation
- Require data owners to implement these controls, stating the control objectives to be met
- Assess a security risk in data protection from both a conceptual and a technical level
- Monitor the implementation of these controls on the data sources
- Collect evidence of control efficiency
- Provide the evidence upon request from internal or external Audit, the regulators or for the yearly ISAE3402 exercise
- In this context, collaboration with the different teams involved in security risk management is crucial
- Partner with representatives of Cyber-Security, IT, Risk, Audit and other key business teams to advance data protection initiatives.
- Develop a high level of trust with stakeholders to ensure ongoing commitment.
Commercial, demonstrable experience of several of the following:
- IT-security professional with solid experience in the infrastructure security domain, in the IT application security domain or in the data security domain.
- Extensive knowledge of market-standard control frameworks such as the CIS TOP20, NIST 800-53 Rev.5, ISO 27001/27002, SWIFT CSCF, FISR (aka FML), …
- Knowledge of Data Protection controls such as encryption (DAR, DIM, DIU), data hashing, data signing, data anonymisation, DRM, DLP, CASB, data access governance, etc.
- Experience in IT Risk Assessment, Control efficiency check-up and risk management
- Understand the difference between an inherent risk, a residual risk and an inefficient control; risk addressing and risk mitigation
- Experience with SQL, data modelling and technical documentation
- Cybersecurity training and certification in CISSP, CISA, SSCP, GSEC, SANS or equivalent is a plus.
Job Reference: JO-2110-248017
Salary: £600 - £601 per annum + inside IR35
Salary per: annum
Job Duration: 6 month rolling
Job Start Date: ASAP
Job Industries: Cyber Security Jobs
Job Locations: Europe
Job Types: Contract
Job Skills: CIS Top20, Cyber security, data governance, Data Protection, FISR payments, ISO 27001/27002, NIST 800-53 Rev.5, Risk, SWIFT CSCF