Information Security Officer L2
Job Overview
Main responsibilities:
Perform Risk assessments on : new projects, assets or Tools
Manage Risk Register on compliance exemptions and risk acceptance (including expiry and renewal)
Collaborate with the Security MSPs and the rest of security officers from other regions to deal with global emerging threats.
Support GRC global officer on specific tasks related but not limited to:
Evidence collection and recording (MCS & Audits)
Audit support
Development and management of control processes
Post Audit action tracking
Provide Security Reviews & Approvals on SNOW changes
Security representation in zone CAB/E-CAB when required
Security reviews of new demands and project charters
Support/drive Security initiatives (Global or Regional)
Security Operations
Collaborate providing knowledge on managing, supporting and monitoring regular security relevant processes like: Patch Management, Backup & Restore, DR & BCP, Malware
Follow up Globally Patch management process trying to improve the following areas:
Consolidation of asset scope sources (CMDB, manual lists, …)
Provide visibility to teams of the vulnerabilities detected
Homogenization of patching processes for all the zones
Ensuring completeness of vulnerability detection and patching activities
Detection of area for improvement
Lead the Security operations related to the Network, this includes the following components: Firewall main configuration, IDS/IPS rules configuration, WAF default configuration and baseline, Proxy configuration and IoC lifecycle
Detect:
Security Operations
Lead/Drive globally the vulnerability management process
Coordinate Threat Hunting operations provided by a third party :
Providing necessary access to the external consultants
Provide access to the internal resources needed (hardware, software and contacts)
Coordination and deployment management of the needed agents
Register the necessary findings and ensure they are followed up and properly closed.
Respond:
Security Operations
Work on Security Incident & Problem management
Provide P1/Major Security Incident support
Be involved on Forensic activities
Profile Required:
Education/qualifications normally required:
Graduate degree in Business or Management; Bachelor’s degree in Computer Science, Engineering, or a related discipline with an IT focus.
Security certifications (CISM, CISA, ISO 27001, CISSP, CRISC, ITIL, CMMI, CompTIA Security+, NCSF, CHFI) would be an asset.
Specific work experience:
Experience in IT Security and other operational/compliance IT roles
Broad technical security knowledge of IT services, technology and IT solutions.
Specific expertise in one or more of the following would be a plus:
Cloud Security → CCSP / GCSA
Network Security → CND / CCNP / CCNA Security / CEH
System/Infrastructure Security → CISSP / CISM / CISA
Industrial Technology (OT) Security → CDSE / GICSP / ISP / ISOC
Extensive experience in delivering IT security projects, assessments and audits
Practical experience of risk management
Experience in implementing Policies and Procedures in compliance with Information Security Management System Standards (ISO 27000 series)
Strong knowledge of regulatory requirements and security policies and standards
Broad knowledge of IT services, Technologies and IT solutions
Work experience in a related industry setting (cement, aggregate, ready-mix)
Strong decision making skills and ability to challenge decisions of others
Good negotiation skills with vendors, contractors and other suppliers