Senior Security Analyst - SII Belgium
A. Purpose of the Job
The purpose of the function is to implement an IT security framework and to protect the company IT-systems, both at strategical and operational level.
The function also covers the management of the general IT governance.
B. Principal Accountabilities, Authorities & Activities
IT Security governance
• Implementing an information security framework
• Develop processes and procedures to embed IT security in the organization and to safeguard systems. This includes application development, database design, network, operating systems, Microsoft toolset and OT
• Control and ensure compliance with the security policies
• Define KPI’s
• Embed security in (business) processes: SDLC, IAM, data classification
IT Security Design & build
• Collaborate with business and IT colleagues to embed security in systems. Helps project teams comply with enterprise and IT security policies, industry regulations, and best practices.
• Define, implement and improve security solutions & services
• Identify and correct security flaws in existing systems
• Validate IT projects and changes to ensure they are designed and built securely
• Participate in the Architecture Review Board
IT Security Manage & operate
• Handle security alerts and steer or participate actively in incident response and resolution
• Remediate vulnerabilities, and support remediation
• Keep cyber security knowledge up to date
• Be the security expert for application development, database design, network, and/or platform (operating system) efforts. Support application teams to keep their systems secure.
• Analyze business impact and exposure based on emerging security threats, vulnerabilities, and risks. Communicate security risks and solutions to business partners and IT staff as needed.
• Collaborate on a daily basis with colleagues, coach and train them whenever needed to make IT security integral part of IT
•
C. Dimensions/ratio’s
• Reporting to Enterprise and Security Architect
Vereisten
Knowledge
• Knowledge of security frameworks (NIST, ISO 27001 & IS 27002, MITRE ATT&CK)
• Experience with EDR tools
• Experience with Vulnerability Management
• Familiarity with the latest exploits, tactics, techniques and procedures (TTP), vulnerability remediation and security trends
• Knowledge of networks
• Knowledge of Windows
• Security certifications are an asset
• Fluent in Dutch and English
Skills & attitudes
• Able to create structure, focus on main points and synthesise
• Operational, systematic
• Interest in new technologies and the security aspects of it
• Can create a proposal or framework
• Can get user buy-in
• Can implement processes
• Good oral and written communication skills, used to
o convince business of the need for a cyber security mindset and measures
o document solutions and processes
o communicate a solution to both technical people and managers
o communicate with vendors
• Project management skills, from project inception to project delivery