Job Responsibilities:
- The IT Security Senior Analyst for Business Projects is responsible for offering support and guidance on the security framework that partners/providers (external parties) must apply, as recommended within the company group.
- Perform security risk analysis following Group methodologies on business projects including providers and partners;
- Ensure security is considered in business projects by performing risk analysis (identify security requirements, residual risks, etc.);
- Raise awareness among the partners/providers on the importance and necessity of respecting the company security framework; synthesize information in a clear and easily readable format for partners/providers and make sure the security expectations are well understood;
- Understand the business context and the needs of each provider/partner; act with diplomacy to create solid business relations with those stakeholders;
- Perform the security assessments of the ASSU’s applications based on the group methodology ASA (Application Security Assessment) getting inputs from business owners;
- Request security requirements such as penetration testing and integrate the results into the risk analysis;
- Offer security support:
  - In handling requests for derogation from the Group’s security policies, regarding website access, application installation, information flow, etc.;
  - For other security requests such as route opening;
- Contribute to the GDPR program, application and data security part (Risk Analysis, update the security documents, business restitution, etc.);
- Contribute to the audit / evaluation of suppliers (partners, delegates, etc.);
- Participate in the realization of monthly and quarterly monitoring by updating security referentials;
- Propose ideas for improving or optimizing the internal procedures and methodologies to make them more efficient or better adapted to our stakes.
Technical Requirements:
- Graduate / Post Graduate;
- Advanced IT Security background;
- Presentation skills (sales), pedagogy, didactics (adapted speech in non-IT language), diplomacy;
- Advanced level in French (>= C1) and English (>= B2) is a must;
- Basic security networking background;
- Good command of Microsoft Office, with a focus on Excel and PowerPoint;
- Understanding of operational risk assessment;
- General knowledge of external cyber threats like phishing, malware and virus attacks;
- Able to manage multiple projects at the same time with multiple external partners;
- Fast and independent learner, able to work both with and without fixed procedures;
- Previous experience in performing risk analysis in business projects;
Nice to have / a plus:
- Communication skills to liaise with various stakeholders and share knowledge within the team;
- Adaptability skills to deal with different situations (different topics, different stakeholders, different IT applications);
- Pragmatism skills to quickly identify relevant information and focus on risks;
- Team spirit skills;
- Confidentiality skills;
- Certifications in the requested fields (e.g. CISSP, CISM, ISO 27001 Lead Implementer, ISO 27005, etc.);
- Security architecture knowledge; security background in Cloud, Agile, API, Big Data, IAM.