Operational IT Security Officer
Job Description - Operational IT Security Officer (2024 - 3)Operational IT Security Officer (
Job Number:
2024 - 3)
a.Responsibilities:
Ensuring applicability of operational security in Run & Change activities
You configure and maintain security solutions in operational condition while performing IT operational technical security actions (vulnerability analysis & resolution, patching management, alert management, security incidents, technical access management, etc.). You check compliance with and observance of security standards and apply/deploy new operational security solutions.
You implement the security measures formalised/observed in projects by the GSO, contribute to the reflexion around the optimised security architecture and submit the implementation for the security assessment phase occurring before the official testing phase of the project.
You propose areas for IT security improvement and implement good security practices.
You implement & coordinate the closure of the recommendations that result from the penetration/intrusion tests.
You act as the Single Point of Contact on behalf of the IT Dept towards the local GSO as well as the Security representatives of the Head office by applying the security guidelines provided by them in the operations, projects & proof of concepts. This imply that on the field you will liase with the IT Production, architecture, development, IT risk, DPO and DQA teams to ensure that the security rules are well respected according to needs while acting as a facilitator for those collaborators with the aim of favorising automation
Together with the local GSO, you contribute to the formalization an appropriate BENE procedural framework to govern IT security operational processes
You configure and ensure operational maintenance of security solutions, execute operational security actions, ensure data are well protected
You lead technical IT security incidents resolution on the field, notably by continuously monitoring security solutions, analysing the logs, liasing with external parties( when involved) and have periodical reportings towards the local GSO.
You ensure the follow up in the execution of the obsolescence Mgt plans & IT continuity plans of assets by managing upgrades to the correct versions in compliance with the consistency & continuity of application assets.
You report and implementsecurity remediation plans in relation with the IT risks with the collaboration of the IT Risk Officer.
You analyse and correct anomalies leading to IT security flaws reported by users
You act as the contact point for IT suppliers in order to follow up the execution of the implementation at their side on our behalf as well as assess the deliverables related to IT security aspects of the solutions / products.
You check with the collaboration of the Infrastructure team the compliance of technical / telecom/ application flows and issue alerts in the event of non-IT security compliance with norms and standards.
You setup, adjust & monitor operational IT security indicators/KPIs and action plans in order to remedy to non-compliant features, in collaboration with the IT Production, GSO & CISO teams.
Deliverables:
vRespect ofcompliance of the IT security architecture plan
vAssessment and remediation plans of IT security audits & reports results
vAssessment and remediation plans of IT security recommendations within projects
vSecurity monitoring reports & action plan of systems
vSecurity Problem/Incident Management reports & remediation plans
vAssessment and remediation plans of IT security risks
vVulnerabilities & obsolescence reports & remediation plans via security patching follow ups & upgrades
vEnrichment of IAM via extracts of source applications to facilitate Access rights Mgt reviews
vMaintenance of inventories in relation with IT security related assets
vApply remediation plans in relation with IT security related assets
vOperational security KPI reports & follow up of formalisation
vAssurance security plan elaboration & assessment reports for outsourced activities
vFormalisation of the procedural framework
Continuous improvement initiative
Your participation in proposing and, where appropriate, carrying out actions to apply security measures within applications while automating tasks in view to optimise the solution and act as a facilitor to the stakeholders is of key essence. Contributing to the elaboration of data & APIs while ensuring their protection by adopting an orchestrated/structured approach is valuable. Your capacity to collect & analyze data to manage and improving the security performance of solutions via a technical or process angle would be of added value.
We expect you to be open to new solutions and prospects for developing the technologies, tools and methodologies used.
Deliverables:
vLog analysis reports
vTechnical document updates
vOptimising costs
I. Profile :
Education, experience and skills
vBachelor degree in computer engineering/ cyber security engineering
vAt least 6 years of experience in the IT security domain
vAt least 6 years of experience with IT network engineering, IT Risk and Cybersecurity
vExcellent written and oral communication skills in English (must) and Dutch/French (desired);
vCertification: ISO27001, ITIL
Tools – methodologies – technologies
ØIdentity Access Management (IAM) solutions
-Priviledged Access Management (PAM)
-Single Sign One (SSO)
-IAM workflows management, recertification, training exercises, reconciliation
-‘Non-standard’ rights management
ØData Protection solutions
ØLogs collection solutions
ØForensic, SIEM, antimalware and EDR solutions
ØCryptology solutions
ØNetwork security and firewall administration
ØVulnerability management solutions
Competences
ØAnalytical ability
ØAbility to Deliver / Results Driven
ØAbility to collaborate / Teamwork
ØAttention to Detail / Rigour
ØCreativity & Innovation / Problem Solving
ØAbility to anticipate business / strategic evolution
Primary Location
:BE-BRU-Brussels
Job Type
:Standard / Permanent
Job
:INFORMATION TECHNOLOGYEducation Level:Not indicatedExperience Level:Not Indicated
Schedule
:Full-timeCompetency Profile:SpecialistEntity:BNP PARIBAS Cardif
