Senior IT Security Officer

  • Team

    Risk

  • Contract type

    Permanent

  • Level

    Senior (+7y)

14 May 2024

Attached to the CISO (RSSI) of Keytrade Bank, the 'Security Correspondent of the Information Systems' (CSSI) mission consists of evaluating the exposure of the enterprise information systems to risk and ensuring that an appropriate level of protection, detection and reaction is guaranteed for these systems, in close collaboration with the development and technical support teams. The CSSI will have an important role in establishing and maintaining a new security infrastructure during the implementation of IaaS/SaaS/PaaS solutions.

Functional domains where the CSSI will intervene:

Security policies, standards, guidelines

  • Creation and maintenance of security policies in compliance with Group policies and making sure these are understood, communicated and properly implemented.
  • Creation of technical standards in line with these security policies and their implementation on both internally and externally hosted systems.
  • Follow-up of evolutions within the field of information and system protection to ensure protection follows the technological evolution.

Risk analysis and risk treatment

  • Identification of risks linked to the use of information systems, definition of risk reduction or risk treatment options, for both new projects and maintenance of existing applications and infrastructure.
  • Analysis of security risks and coordination and follow-up of the implementation of risk treatment options in the projects. Monitoring and testing of efficiency of the implementation of these measures.
  • Performance of security visits in the course of requests for proposals for new outsourced IT activities.
  • Verification and follow-up of compliance of suppliers, outsourcers and/or subcontractors with internal security policies and coordination of security audits.
  • Define, implement and perform second-level controls to ensure the efficiency of first-level controls for insourced and outsourced activities.
  • Definition of vulnerability detection and prevention exercises or scans and follow-up of the implementation of corrective actions.

Security Operational and governance tasks

  • Operating several activities on security processes and solutions (SIEM/SOC, securing of sensitive access, data leakage, IAM…).
  • Produce reporting elements on their area of activities and expertise for quarterly security committees.

Modernization and industrialization of security practices and regulatory compliance

  • Identification of new technologies available on the market for reduction of risk, selection of the most appropriate one and coordination of the implementation thereof.
  • Definition and coordination of the implementation of security tools that are in line with the market and that respond to the security challenges linked to cloud, continuous integration and deployment (CI/CD).
  • Definition of a governance structure that allows an agile organization to manage its security effectiveness without causing bottlenecks or rework, and coordination of the implementation of SecOps practices at Keytrade Bank.
  • Follow-up on regulatory aspects linked to the use of technology and adapting the policies and requirements to a changing external environment so legal and regulatory compliance can be guaranteed.

Awareness and training

  • Ensure senior management is aware of the threats and exposure to security risks relevant for Keytrade Bank.
  • Follow-up of the security budget.
  • Inform and train the operational departments and make sure the necessary tools and procedures are available to ensure they comply with security requirements.

Incident and Business Continuity Management

  • Cooperate with involved teams to resolve incidents and define short and mid-term corrective actions.
  • Maintain the Business Continuity documentation and create, maintain and follow up test plans.
  • Become a crisis team member and help coordinate recovery from disaster situations.


PROFILE

  • Higher education.
  • Minimum 10 years of experience in the field of information security.
  • CISSP/CISM or equivalent product-independent security certification.
  • Experience with implementation of encryption technologies, access control and authentication systems.
  • Familiar with industry standards like those from OWASP, CIS, Cloud Security Alliance, ISO and regulations/directives like GDPR and PSD2.
  • Knowledge of and experience with security aspects of cloud architectures and automated security evaluation.
  • You have a working knowledge of cloud infrastructures and platforms.
  • The ideal candidate has an analytical mind and can synthesize complex matters into understandable, implementable, and cost-efficient solutions and has the ability to convince the organization of the benefits thereof with regard to risk reduction.
  • Pro-activity, integrity and good communication and networking skills.
  • Working language: English.
  • Full proficiency in French and/or Dutch is required.

What we have to offer

  • Keytrade Bank is a young and dynamic organization with a lean structure that evolves in an Agile ecosystem. The tempo and the atmosphere are upbeat and no day goes by without an element of fun!
  • Belgian employment contract 
  • Position 100% located in Brussels 
  • The company works in an agile setup with a lot of flexibility regarding remote work. This means that you will be guaranteed at least 50% working from home with a high degree of flexibility.
  • A competitive salary with extra-legal advantages such as meal vouchers, group insurance, health insurance and many others
  • Continued education and access to training
  • Stepping stone for a continued career within Keytrade Bank
  • Open, inclusive culture and dynamic working environment