Cyber Security Analyst in the Data Protection Governance Domain

This is a security analysts role where you will define, require and monitor the applicable cyber-security controls to protect different data sources according to data attributes such as the classification, criticality, nature of the data and the storage as well as the location (on-premise or in the cloud).

In the Data Protection Governance Team,?we are expected to:

• Design the cyber-security data protection controls for detection and prevention such as Data Leakage Prevention, Encryption (data at rest, in motion, in use), Signing, Digital Right Management, Backup/Restore & Archiving, Data Access Governance, Data anonymisation,
• Require the implementation of these controls to the data owners with the control objectives to meet
• Assess a security risk in data protection from both a conceptual and a technical level
• Monitor the implementation of these controls to the data sources
• Collect the evidences of the control efficiency
• Communicate the evidences upon request from the internal or external Audit, the regulators or for the yearly ISAE3402 exercise
• In these context the collaboration is crucial with the different teams involved in security risk management
• Partner with representatives of Cyber-Security, IT, Risk, Audit and other key business teams to advance data protection initiatives.
• Develop a high-level of trust with stakeholders to ensure on-going commitment.
• Foster a team environment, open to communication and collaboration.

Required Skillset & Experience - A combination of several of the below should be covered:

• IT-security professional with solid experience in the infrastructure security domain, in the IT application security domain or in the data security domain.
• Extensive knowledge of market standard control framework like the CIS TOP20, NIST 800-53 Rev.5, ISO 27001/27002, SWIFT CSCF, FISR (aka FML),
• Knowledge of Data Protection controls such as encryption (DAR, DIM, DIU), data hashing, data signing, data anonymisation, DRM, DLP, CASB, data access governance, etc.
• Experience in IT Risk Assessment, Control efficiency check-up and risk management
• Understand the difference between an inherent risk, a residual risk and an inefficient control; risk addressing and risk mitigation
• Experience with SQL, data modelling and technical documentation
• Cybersecurity training and certification in CISSP, CISA, SSCP, GSEC, SANS or equivalent is a plus.