Senior IT Security Officer
- Team
Risk
- Contract type
Permanent
- Level
Senior (+7y)
Attached to the CISO (RSSI) of Keytrade Bank, the ‘Security Correspondant of the information systems‘- CSSI mission consists of evaluating the exposure to risks of the enterprise information systems and ensuring that an appropriate level of protection, detection & reaction is guaranteed for these systems, actions performed in close collaboration with development and technical support teams. The CSSI will have an important role in establishing and maintaining a new security infrastructure during implementation of IAAS/SAAS/PAAS solutions.
Functional domains where the CSSI will intervene:
Security policies, standards, guidelines
- Creation and maintenance of security policies in compliance with Group policies and making sure these are understood, communicated and properly implemented.
- Creation of technical standards in line with these security policies and the implementation on both internal and externally hosted systems.
- Follow-up of evolutions within the field of information and system protection to ensure protection follows the technological evolution.
Risk analysis and risk treatment
- Identification of risks linked to the use of information systems, definition of risk reduction or risk treatment options, for both new projects and maintenance of existing applications and infrastructure.
- Analysis of security risks and coordination and follow-up of the implementation of risk treatment options in the projects. Monitoring and testing of efficiency of the implementation of these measures.
- Performance of security visit in the course of request for proposals of new IT outsourced activities.
- Verification and follow-up of compliance of suppliers, outsourcers and/or subcontractors with internal security policies and coordination of security audits.
- Define, implement and perform 2nd levels of controls to ensure the efficiency of 1st level of control for insourced and outsourced activities
- Definition of vulnerability detection and prevention exercises or scans and follow-up of the implementation of corrective actions.
Security Operational and governance tasks
- Operating several activities on security processes and solutions (SIEM/SOC, securitization of sensitive access, data leakage, IAM…).
- Produce reporting elements on his area of activities and expertise for quarterly security committees.
Modernization and industrialization of security practices and regulatory compliance
- Identification of new technologies available on the market for reduction of risk, selection of the most appropriate one and coordination of the implementation thereof.
- Definition and coordination of implementation of security tools that are in compliance with market and that respond to the security challenges linked to cloud, continuous integration and deployment (CI/CD).
- Definition of governance structure that allows an agile organization to manage its security effectiveness without causing bottlenecks or rework and coordinate the implementation of SecOps practices at Keytrade Bank.
- Follow-up on regulatory aspects linked to the use of technology and adapting the policies and requirements to a changing external environment so legal and regulatory compliance can be guaranteed.
Awareness and training
- Ensure senior management is aware of the threats and exposure to security risks relevant for Keytrade Bank.
- Follow-up of the security budget.
- Inform and train the operational departments and make sure the necessary tools and procedures are available to ensure they comply with security requirements.
Incident and Business Continuity Management
- Cooperate with involved teams to resolve incidents and define short and mid-term corrective actions.
- Maintain the Business Continuity documentation and create, maintain and follow-up test plans
- Become a crisis team member and help coordinate recovery of disaster situations
PROFILE
- Higher education.
- Minimum 10 years of experience in the field of information security.
- CISSP/CISM or equivalent product independent security certification.
- Experience with implementation of encryption technologies, access control and authentication systems.
- Familiar with industry standards like those from OWASP, CIS, Cloud Security Alliance, ISO and regulations/directives like GDPR and PSD2.
- Knowledge of and experience with security aspects of cloud architectures and automated security evaluation.
- You have a working knowledge of cloud infrastructures and platforms.
- The ideal candidate has an analytical mind and can synthesize complex matters into understandable, implementable, and cost-efficient solutions and has the ability to convince the organization of the benefits thereof with regard to risk reduction.
- Pro-activity, integrity and good communication and networking skills.
- Working language: English
- Required to have full proficiency in French and/or Dutch
What we have to offer?
- Keytrade Bank is a young and dynamic organization with a lean structure, that evolves in an Agile ecosystem. The tempo and the atmosphere are upbeat and no day goes by without an element of fun!
- Belgian employment contract
- Position 100% located in Brussels
- The company works in an agile setup with a lot of flexibility regarding remote work. This means that you will be guaranteed at least 50% homework with a high degree of flexibility.
- A competitive salary with extra-legal advantages such as meal vouchers, group insurance, health insurance and many others
- Continued education and access to trainings
- Stepping stone for a continued career within Keytrade Bank
- Open, inclusive culture and dynamic working environment