- Contract
- Utrecht
In the role of IT Security Officer you will operate and contribute to the further development of the IT control framework and compliance status to protect the continuity of our primary business processes and our technology and business assets. You will achieve this by actively working with other IT disciplines in virtual global teams and with partners to jointly enhance the demonstrability of our (IT) controls, manage compliance activities and prepare internal and external reporting on compliance with PCI-DSS, NIST-CSF, PCAOB and other frameworks for various stakeholders.
You will act as scrum master for IT risk related projects in multi-disciplinary teams. You will interact with the Internal Audit team, external auditors and business teams to guide audits and assess, test and enhance business processes from the IT risk perspective. Using your expertise, you are also able to make a valuable contribution to our preparation for independent assurance certification.
This role offers an opportunity for IT Security professionals who like to take ownership and initiative to accelerate and shape their careers in an international context with a broad set of responsibilities.
Key Accountabilities:
- Manage and enhance compliance status for PCI-DSS, NIST-CSF, GDPR and related KPI reporting.
- Manage PCI-DSS external scanning results and attestation reporting.
- Manage and operate due diligence process of 3rd party sourced services
- Manage, operate and further enhance the IT Control framework.
- Coach and support other IT disciplines in the adoption and operation of their IT controls
- Manage and operate Security tagged incidents and requests
- Coach and support teams in the follow-up on security incidents.
- Oversee the operation of and manage quality of the managed SOC operation.
- Liaise with external partners including SOC, network operations, and others.
- Act as scrum master / project manager for IT risk related projects
- Participate in multi-disciplinary teams to drive the IT Risk element as part of Solution Building Block under architecture
- Support the Senior IT team in special projects and daily operations.
- Proactively identify opportunities to improve systems or processes and flag recurring issues.
- Act as a team player supporting various IT functions, locally and internationally, in operations as well as in projects
Required Skills
Demonstrable knowledge and experience with:
- Second line of defense for cyber/IT security management, IT Risk Management, IT control framework and IT process management (design, documentation, implementation and monitoring)
- implementing security related processes and tooling, and matching these to specific business requirements
- analytical tools and logging tools, both using and implementing them. Using available data to present a clear Cyber Risk / IT Risk overview to management.
- ITSM, ITGC and asset management
- Advanced and demonstrable skills with Microsoft Office products (Word, Excel, PowerPoint, Visio). VLOOKUPs, pivot tables, formulas and charts in Excel hold no mystery for you.
- Functional and analytical skills. Capable of analyzing the service delivery stack and business services relations
- Proactive, open-minded, self-directing behavior, a willingness to take ownership and a high level of responsibility awareness.
- Good communication skills (verbal and written) in English; Dutch in addition is a plus.
- Team player, intrinsically motivated to share knowledge and build relationships and bridges with colleagues and team members.
- CISM/CISSP/PCI-DSS certification
Knowledge and experience in two or more of the following categories:
- assessing and auditing 3rd parties and ISAE3000/3402 or SOC assurance reporting is a plus.
- SIEM/SOC and related processes is a plus.
- as scrum master or in related agile ways of working is a plus.
- Working with PCI-DSS, ISO27001/2 or NIST-CSF related frameworks is a plus.
Vivid Resourcing are committed to equality of opportunity for all. Applications from individuals are encouraged regardless of age, disability, sex, gender reassignment, sexual orientation, pregnancy and maternity, race, religion or belief and marriage and civil partnerships or any other characteristic protected by law.