Security Analysts

The Data Protection Governance team is part of the Cyber Information Security Office Division and is in charge of setting up and monitoring a data protection control framework based on the CIS Top20 plus a couple of other regulations applicable to trusted FMIs.

Role:

This is a security analyst role where you will define, require and monitor the applicable cyber-security controls to protect different data sources according to data attributes such as the classification, criticality and nature of the data, as well as its storage and location (on-premise or in the cloud).

In the Data Protection Governance Team, we are expected to:

  • Design the cyber-security data protection controls for detection and prevention, such as Data Leakage Prevention, Encryption (data at rest, in motion, in use), Signing, Digital Rights Management, Backup/Restore & Archiving, Data Access Governance and Data anonymisation
  • Require the data owners to implement these controls, with the control objectives to meet
  • Assess a security risk in data protection at both a conceptual and a technical level
  • Monitor the implementation of these controls on the data sources
  • Collect evidence of control efficiency
  • Communicate the evidence upon request from internal or external Audit, the regulators or for the yearly ISAE3402 exercise
  • In this context, collaboration with the different teams involved in security risk management is crucial
  • Partner with representatives of Cyber-Security, IT, Risk, Audit and other key business teams to advance data protection initiatives.
  • Develop a high-level of trust with stakeholders to ensure on-going commitment.
  • Foster a team environment, open to communication and collaboration.

Qualifications, Skills and experience:

A combination of several of the below should be covered:

  • IT-security professional with solid experience in the infrastructure security domain, in the IT application security domain or in the data security domain.
  • Extensive knowledge of market-standard control frameworks such as the CIS TOP20, NIST 800-53 Rev.5, ISO 27001/27002, SWIFT CSCF, FISR (aka FML), …
  • Knowledge of Data Protection controls such as encryption (DAR, DIM, DIU), data hashing, data signing, data anonymisation, DRM, DLP, CASB, data access governance, etc.
  • Experience in IT Risk Assessment, Control efficiency check-up and risk management
  • Understand the difference between an inherent risk, a residual risk and an inefficient control; risk addressing and risk mitigation
  • Experience with SQL, data modelling and technical documentation
  • Cybersecurity training and certification in CISSP, CISA, SSCP, GSEC, SANS or equivalent is a plus.

Interpersonal Skills:

  • Able to solve complex problems
  • Creative and sees the bigger picture when addressing issues
  • Team player, respectful of hierarchy
  • Works proactively, thereby keeping possible problems from affecting the overall functioning of the team and making sure the team succeeds in delivering the solution
  • Proficient oral and written communication skills in English, sharing strategy and vision with both peers and management.
  • Drive and energy, entrepreneurial attitude, hands-on mentality