1. NATURE OF THE TASKS
• Contribute to the preparation of the business plan of the organization
• Identify areas for improvement in business processes providing possible Cyber Security solutions compliant with the ICT strategy
• Build requirements, specifications, business processes and the business case related to the proposed solutions
• Analyse required information and documents
• Make recommendations to senior general management
• Ensure the reliability, confidentiality, security and integrity of Information Systems
• Elaboration and translation of the security monitoring policy into monitoring rules
• Provide advice on how to optimize the use of existing tools and systems
• Raise awareness of information technology innovations and potential value to a business
• Make recommendations for the development and implementation of a business project or technological solution
• Participate in the definition of general project specifications
• Participate in the assessment and choice of Cyber Security solutions
• Ensure security and appropriate use of Cyber Security resources
• Perform Risk assessments (Evaluate risks, threats and consequences)
• Draft security plans and Security Operating procedures (SecOps)
• Develop or review security configurations / security baselines
• Contribute to the definition and the implementation of the security policy
• Implement (security policy) technical or operational controls at operational level including in products and systems
• Review security plans and SecOps
• Evaluate risks, threats and consequences
• Secure handling, analysis and exchange of cyber security information with relevant stakeholders and trusted partners
• Provide security training and education
• Provide technical validation of security tools
• Contribute to definition of security standards
• Monitor security developments to ensure data and physical security of the ICT resources
• Provide expert support to incident handlers
2. KNOWLEDGE AND SKILLS
Specific Requirements (Experience with or Professional Knowledge)
• Drafting security policies
• Drafting Security plans and SecOps
• Reviewing Security plans and SecOps
• Implementing ISO 27001/27002 for a specific architecture/infrastructure
Methodologies (Experience with or Professional Knowledge)
• Risk Assessment Methodologies such as EBIOS, CRAMM, PILAR or equivalent
• ISO 27000 Series
Standards (Experience with or Professional Knowledge)
• STIX (Structured Threat Information Expression) with a particular focus on the following related standards:
• CybOX (Cyber Observables); CAPEC (Attack Patterns)
• MAEC (Malware); TAXII (Threat Information Exchange)
Certifications
At least one (1) certification among or subject to a refined list (subset of the existing)
• CISSP (Certified Information Systems Security Professional)
• CISM (Certified Information Security Manager)
• ISO 27001 Lead implementer
• ISO 27001 Lead Auditor
• ISO 27005 Risk Manager
• GCED (GIAC Certified Enterprise Defender)
• GPPA (GIAC Certified Perimeter Protection Analyst)
• GCCC (GIAC Certified Critical Controls)
• SSCP ((ISC)2 Certified Systems Security Practitioner)
• ECSA (EC-Council Certified Security Analyst)
• SCPO (SABSA Certified Security Operations & Service Management Practitioner) or an equivalent certification recognized internationally (subject to acceptance as a valid credential by client)