Cyber Security Analyst in the Data Protection Governance Domain
Posted 21 hours 36 minutes ago by Base 3
Contract
Brussels, Belgium
Job Description
This is a security analyst role in which you will define, require and monitor the applicable cyber-security controls to protect different data sources according to data attributes such as the classification, criticality and nature of the data, the storage, and the location (on-premise or in the cloud).
In the Data Protection Governance Team, we are expected to:
- Design the cyber-security data protection controls for detection and prevention, such as Data Leakage Prevention, Encryption (data at rest, in motion, in use), Signing, Digital Rights Management, Backup/Restore & Archiving, Data Access Governance and Data anonymisation
- Require data owners to implement these controls, with the control objectives to meet
- Assess a security risk in data protection from both a conceptual and a technical level
- Monitor the implementation of these controls on the data sources
- Collect evidence of control efficiency
- Communicate the evidence upon request from internal or external Audit or the regulators, or for the yearly ISAE 3402 exercise
- In this context, collaborate closely with the different teams involved in security risk management, which is crucial
- Partner with representatives of Cyber-Security, IT, Risk, Audit and other key business teams to advance data protection initiatives.
- Develop a high level of trust with stakeholders to ensure ongoing commitment.
- Foster a team environment, open to communication and collaboration.
Required Skillset & Experience - A combination of several of the below should be covered:
- IT-security professional with solid experience in the infrastructure security domain, in the IT application security domain or in the data security domain.
- Extensive knowledge of market-standard control frameworks such as CIS TOP20, NIST 800-53 Rev. 5, ISO 27001/27002, SWIFT CSCF and FISR (aka FML)
- Knowledge of Data Protection controls such as encryption (DAR, DIM, DIU), data hashing, data signing, data anonymisation, DRM, DLP, CASB, data access governance, etc.
- Experience in IT risk assessment, control efficiency check-ups and risk management
- Understand the difference between an inherent risk, a residual risk and an inefficient control; risk addressing and risk mitigation
- Experience with SQL, data modelling and technical documentation
- Cybersecurity training and certification in CISSP, CISA, SSCP, GSEC, SANS or equivalent is a plus.