1. To perform a general security risk assessment for new projects or for changes to existing applications, infrastructure components or services.
2. To ensure that the new projects (or changes to existing systems and platforms) are compliant with the company's security policies and any security standards that the company must comply with.
3. To research and document the security risks raised by the new technologies introduced into the company in the IT, Telecommunications and Internet landscapes.
4. To provide security requirements to be included in RFQs and RFPs based on security NFRs and to evaluate vendor responses.
5. To provide support to the end users, upon request, during the implementation of security requirements.
6. To participate in the decision to launch new projects into production (steering committee meetings).
Degree & Experience
University degree in computer science or equivalent combination of education and experience
At least 5 years of hands-on experience as a security architect, a security analyst, or a similar role, dealing with multiple security domains (technologies, applications, services) and activities (concepts, policies, practices, procedures) preferably in a large organization.
Familiar with large and complex IT environments and data communications networks.
Experience with security risk assessment methodologies is much appreciated.
Familiar with relational database concepts and usage.
Knowledge of ISO 27001.
Good understanding of various security domains such as: IP network protocols and services, user authentication methods, encryption, voice technologies, wireless technologies, Web applications. Knowledge of and experience with Azure cloud, move to cloud and cloud-to-cloud is an advantage and an added value.
Very good knowledge of the security features offered by, and the security risks encountered in, complex ICT environments.
Ability to understand business products and processes in order to perform related security risk assessment.
Good understanding of the main security products and tools such as: firewalls, intrusion detection and prevention, log file aggregators/analyzers, vulnerability assessment.