Information Security Management Expert - Strasbourg, France - Spektrum Group

Spektrum Group

Entreprise vérifiée

Strasbourg, France

il y a 3 semaines

Posté par:

Sophie Dupont

beBee Recruiter

Description

Spektrum have a wide range of exciting opportunities in several global locations.

We are always looking to add great new talent to our team and look forward to hearing from you.

Background:

eu-LISA is the European Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice (eu-LISA) manages large-scale IT systems to support the implementation of asylum, border management and migration policies in the European Union (EU).

The Agency is also a front-runner for the digitalisation efforts of the EU's Justice and Home Affairs domain, building a new information architecture and contributing to the development of a new security ecosystem.

Since the Agency's beginnings in 2012, eu-LISA has become the digital engine of the Schengen Area.

With its activities and tasks, the Agency adds value to the EU Member States by supporting their efforts towards justice, security and freedom.

Task description:

Supports the Agency's Information Security Officers in the management of information security and business continuity across organizational business processes and information systems
Develop security controls in the context of the agency's information security framework.
Expected also to perform the following tasks:
Perform risk assessments
Develop Information Security Management System (ISMS) procedures
Develop conceptual, logical and physical security models as appropriate.
Draft security policies, standards, procedures and guidelines in accordance with ISO2700
Development of security plans and documentation (e.g. risk treatment plans, security test plans)
Development of business continuity and disaster recovery plans.
Perform security assessments and audits
Perform ISMS control audits
Perform ISMS gap assessments
Design security controls in accordance with agency information security policies and standards
Provide assistance in formal accreditation process for information systems handling EU sensitive and classified information.

Education:

Minimum 4 years of relevant education (master or equivalent) after the secondary school

Minimum Experience:

Minimum 6 years of general IT professional experience, of which
Minimum 3 years of relevant professional experience in Information Security Management

Additional needed qualification, knowledge and skills:

-
Good knowledge of/in:

ISO27001 implementation and management.
Relevant standards and good practice in information security management
Information risk management (in particular E-BIOS)
Governance, Risk & Compliance (GRC) practices and controls
ISO27001 security control audits and assessments
Developing security policies, standards and guidelines in accordance with ISO27001 and EU security policies and standards
Design, implementation and assessments of good practice security control frameworks such as SANS Top 20 Critical Controls, OWASP Application Security Verification Standard,
Secure development processes (Security and Privacy design)
Implementation of EU data protection principles in information system design and processes.
This profile is expected to possess one or more of the following qualifications:
Certified Information Systems Security Professional (CISSP)
Certified Information Security Manager (CISM)
Certified Information Systems Auditor (CISA)

ITIL/ITIL V

BSI ISO27001 Lead Auditor Qualification

We never know what new opportunities might be just over the horizon.

If this opportunity isn't for you please feel free to send us your resume anyway and be the first to know if something suitable for your skills and experience comes up.