The appropriate candidates will join the Information Security Management Team, part of the Corporate & Project Governance/Quality Assurance Department.
Fulfilling the role of Information Security Engineer in business-related projects of the European Commission and the Public Sector;
Provide advice, research support and information security expertise to software and systems business analysts, development teams, IT Engineers and Architects with particular emphasis on secure application development;
Managing Information Security Governance at the strategic, tactical and operational levels, together with its security risks in the field of ICT, through day-to-day administration, monitoring, evaluation and improvement of specialized security methodologies and best practices, latest trends, technologies and IT security controls;
Support the internal Information Security Management System activities;
Align, implement and operate the information security standards and best practices from the business, project management, and technical perspective;
Acting as the Application Security Point of Contact for the information security domain within the company’s departments, multinational consortiums, and the European Commission’s departments.
Bachelor’s Degree in the Computer Science field;
Master’s Degree in the Information Security field;
At least 2 Information Security related certifications, e.g. ISO 27001:2013 LA, CISA, CISSP, CEH, Business Continuity and Crisis and Risk Management related, CGET, Cyber Security certifications such as ISACA’s CSX, Offensive Security Certified Professional;
At least 8 years of hands-on experience in information and technology security domains;
Proficient knowledge of and experience in the operational, organizational and procedural areas of information security;
Excellent command of English;
Extensive knowledge and hands-on experience in the areas of secure code practices, security in software development lifecycle, source code reviews and web application security tests through the use of corresponding best practices, standards, and tools;
Knowledge of SSDLC.
You may have (one or more)…
Participation in developing information security artifacts such as Information Security and Business Continuity policies, plans, conducting BIA and RA, procedures and management reports;
Application Security Certifications, such as CSSLP, CASS, CSP, or GIAC Certified Web Application Defender, will also be considered an additional asset.
Sufficient understanding of the operation and reporting of Fortinet, Metasploit and Nexpose security products.
Excellent communication, presentation and collaboration skills in addressing Information Security aspects with a variety of business, technical and project management stakeholders;
A high level of commitment, independence, and ethics in the Information Security domain;
Excellent analytic, problem-solving and results-oriented skills in addressing Information Security at the project and technical level;
Team player and ability to work autonomously with limited supervision;
Availability to travel abroad;
Customer service and result orientation;
Strong team player;
Ability to integrate into an international/multicultural environment.