1. NATURE OF THE TASKS
• Contribute to the development of cyber defence and information security strategies
• Draft information security policies, standards and guidelines
• Define, design and maintain a sound information security management system (ISMS)
• Manage security processes and ensure the production of ISMS records required to get or maintain certification
• Manage procedures to classify information and assets
• Perform risk assessments and analysis to identify threats, categorise assets and rate system vulnerabilities so that effective controls can be implemented
• Contribute to the integration of IT security throughout the complete project lifecycle for the development of IT services and systems/products/solutions (security by design model)
• Draft security plans and security operating procedures
• Integrate security technical controls into systems, solutions and services
• Manage information security risks and system certification/accreditation
• Identify threats and assess the effectiveness of existing controls to face those threats
• Inform and raise awareness
• Inspect and ensure that principles and rules for information security are applied
• Provide guidance on information security
• Elaborate plans, prepare and document releases and maintenance activities (such as patches and software upgrades) which are required to keep systems running in an optimised security condition
• Assess the compliance of deliverables related to identity and access management for projects and activities, which shall take place in the context of the Operational Security Acceptance and Security Testing processes
• Assess, propose and implement efficiency gains in Identity and Access Management processes
2. KNOWLEDGE AND SKILLS
Specific Requirements (Experience with or Professional Knowledge)
• Definition/design and implementation of an ISMS
• Perform Risk Assessments
• Writing Security Policies
• Writing Security Operating Procedures
• Perform Security audits/assessments
• Identity and Access Management
Methodologies (Experience with or Professional Knowledge)
• Risk Assessment Methodologies such as EBIOS, CRAMM, PILAR or equivalent
• ISO 27000 Series
Standards (Experience with or Professional Knowledge)
• ISO 2700X
• NIST SP-800 Series
Certifications
At least one (1) certification from the list below, or from a refined list (a subset of the existing one):
• CISSP (Certified Information Systems Security Professional)
• CISA (Certified Information Systems Auditor)
• CISM (Certified Information Security Manager)
• CRISC (ISACA Certified in Risk and Information Systems Control)
• or an equivalent certification recognized internationally (subject to acceptance as a valid credential by the Contracting EU-I)