Senior IT Security Officer

Attached to the CISO (RSSI) of Keytrade Bank, the ‘Security Correspondant of the information systems‘- CSSI mission consists of evaluating the exposure to risks of the enterprise information systems and ensuring that an appropriate level of protection, detection & reaction is guaranteed for these systems, actions performed in close collaboration with development and technical support teams. The CSSI will have an important role in establishing and maintaining a new security infrastructure during implementation of IAAS/SAAS/PAAS solutions.

Functional domains where the CSSI will intervene:

Security policies, standards, guidelines

• Creation and maintenance of security policies in compliance with Group policies and making sure these are understood, communicated and properly implemented.
• Creation of technical standards in line with these security policies and the implementation on both internal and externally hosted systems.
• Follow-up of evolutions within the field of information and system protection to ensure protection follows the technological evolution.

Risk analysis and risk treatment

• Identification of risks linked to the use of information systems, definition of risk reduction or risk treatment options, for both new projects and maintenance of existing applications and infrastructure.
• Analysis of security risks and coordination and follow-up of the implementation of risk treatment options in the projects. Monitoring and testing of efficiency of the implementation of these measures.
• Performance of security visit in the course of request for proposals of new IT outsourced activities.
• Verification and follow-up of compliance of suppliers, outsourcers and/or subcontractors with internal security policies and coordination of security audits.
• Define, implement and perform 2nd levels of controls to ensure the efficiency of 1st level of control for insourced and outsourced activities
• Definition of vulnerability detection and prevention exercises or scans and follow-up of the implementation of corrective actions.

Security Operational and governance tasks

• Operating several activities on security processes and solutions (SIEM/SOC, securitization of sensitive access, data leakage, IAM…).
• Produce reporting elements on his area of activities and expertise for quarterly security committees.

Modernization and industrialization of security practices and regulatory compliance

• Identification of new technologies available on the market for reduction of risk, selection of the most appropriate one and coordination of the implementation thereof.
• Definition and coordination of implementation of security tools that are in compliance with market and that respond to the security challenges linked to cloud, continuous integration and deployment (CI/CD).
• Definition of governance structure that allows an agile organization to manage its security effectiveness without causing bottlenecks or rework and coordinate the implementation of SecOps practices at Keytrade Bank.
• Follow-up on regulatory aspects linked to the use of technology and adapting the policies and requirements to a changing external environment so legal and regulatory compliance can be guaranteed.

Awareness and training

• Ensure senior management is aware of the threats and exposure to security risks relevant for Keytrade Bank.
• Follow-up of the security budget.
• Inform and train the operational departments and make sure the necessary tools and procedures are available to ensure they comply with security requirements.

Incident and Business Continuity Management

• Cooperate with involved teams to resolve incidents and define short and mid-term corrective actions.
• Maintain the Business Continuity documentation and create, maintain and follow-up test plans
• Become a crisis team member and help coordinate recovery of disaster situations

PROFILE

• Higher education.
• Minimum 10 years of experience in the field of information security.
• CISSP/CISM or equivalent product independent security certification.
• Experience with implementation of encryption technologies, access control and authentication systems.
• Familiar with industry standards like those from OWASP, CIS, Cloud Security Alliance, ISO and regulations/directives like GDPR and PSD2.
• Knowledge of and experience with security aspects of cloud architectures and automated security evaluation.
• You have a working knowledge of cloud infrastructures and platforms.
• The ideal candidate has an analytical mind and can synthesize complex matters into understandable, implementable, and cost-efficient solutions and has the ability to convince the organization of the benefits thereof with regard to risk reduction.
• Pro-activity, integrity and good communication and networking skills.
• Working language: English
• Required to have full proficiency in French and/or Dutch

What we have to offer?

• Keytrade Bank is a young and dynamic organization with a lean structure, that evolves in an Agile ecosystem. The tempo and the atmosphere are upbeat and no day goes by without an element of fun!
• Belgian employment contract 
• Position 100% located in Brussels 
• The company works in an agile setup with a lot of flexibility regarding remote work. This means that you will be guaranteed at least 50% homework with a high degree of flexibility.
• A competitive salary with extra-legal advantages such as meal vouchers, group insurance, health insurance and many others
• Continued education and access to trainings
• Stepping stone for a continued career within Keytrade Bank
• Open, inclusive culture and dynamic working environment