Participate in the implementation of the Client's security policy with reference to the configurations, systems and infrastructure;
Review, edit security specifications for information systems;
Perform ‘Business Impact Assessments’, in collaboration with the relevant stakeholders, in particular the Data Owners and linked System Owners that identify and define the IT security needs which guarantee the required security of the IT systems;
Draw up, manage and maintain the security plans of all the CIC IT Systems, ensuring that they are in line with the security framework of the Commission;
Review the system security plans periodically (yearly) and whenever a change with a significant security impact occurs;
Identify and coordinate security measures common to all CIC IT systems;
Monitor the planning of the implementation of the identified security measures and support the implementing teams;
Perform Security gap analysis;
Advise the System Owners, System Managers and Project Managers on IT security matters and assist in the architecture, design, implementation and verification activities of IT security;
Give support to the System Owners in Securing IT system development and acquisition;
Act as the contact point with all related security services (such as the LISO, DIGIT.S, etc.) and as reference point for any required security information within the CIC IT unit;
Advise in areas such as risk analysis, contingency planning, IT security audit, security logs analysis, security development, incident handling, identity and access management.
Qualifications
Master's Degree and 7 years of specific professional expertise in the areas of information security and IT security risk management processes;
Expert knowledge of security aspects and strategies;
Knowledge of internationally recognised standards such as the ISO/IEC 27001, ISO/IEC 27002, ISO/IEC 27005, etc.;
Good knowledge and experience of risk management methodologies (i.e., EBIOS, MEHARI, etc.);
Technical background on web applications design and familiarity with their security technical aspects (i.e., OWASP guidelines, etc.);
Ability to give high quality presentations on security matters;
Excellent use of English language (verbal & written) is mandatory (C1);
Ability to participate in multi-lingual meetings and very good communication skills;
Strong capacity in preparing and writing security documents;
Good and accurate reporting methods;
Commitment to excellence in professional work;
High capability to be autonomous;
Capability of working in an international/multi-cultural environment, rapid self-starting capability and experience in team working, understanding the needs, objectives and constraints of those in other disciplines and functions.
