Beschreibung
Task:The mission of the IT-Sec PM/BA will be to support a series of projects which are all part of a major Cyber Security program.
He / she will analyse existing processes and procedures and further develop these to be fully compliant with the policies and procedures based on the NIST Cyber Security Framework, which has been chosen by the European Central Bank as an assessment framework for major financial institutions in the Euro zone. This way he /she will assure adequate Information Security measures are in place to be prepared against cyber-attacks / incidents.
The focus is on monitoring and controlling the Security of all the Bank’s systems/applications and processes in place (as opposed to the administration of protective IT solutions like firewalls or anti-virus scanners which are in the remit of Operational IT Security). Risk assessments, controls and testing of Information Security solutions are a major part of the daily task list. The mission includes as well the Project Management of projects which are directly improving the Security of the entity and the presentation of the current Security Risk status to the entities management.
Close cooperation is necessary with the operational IT-Security Experts, the administrating IT teams locally as well as centrally at the head offices of the served entities.
Responsibilities:
- Provides security expertise for the business unit/functions in his / her area,
- Contributes to the definition and development of the Security procedures, in line with Head Office policies,
- Consideration of specific security-relevant features, constraints, guidelines and issues of his / her entity,
- Definition of road maps to achieve the security targets of his / her entity,
- Manages projects which are initiated directly by the Security team, including maintenance of a project plan, regular status reports and the preparation of project committees,
- Performs analysis of security risks and identifies the related impacts,
- Proposes appropriate security positioning to cover identified risks and impacts,
- Takes part in maintaining an up-to-date map of security risks,
- Is responsible for checking that security issues are addressed in all stages of the project life cycle (planning, production start-up, running, decommissioning, etc.) and within business processes (supports project manager and or Application Production Support to fill and maintain the Group Security Form),
- Checks the robustness and efficiency of the security system according to the requirements defined by the Security Manager of his / her area,
- Reacts on security alerts and manages security incidents,
- Contributes to the monitoring and management of security-related nonconformities (e.g. access right management recertification and reconciliations campaigns, recertification of firewall rules).
Requirements (Must have):
- Project Management knowledge
- Knowledge of Information Security principles
- Knowledge of security-related norms and standards, e.g.:
Authentication: SAML, Kerberos, smartcard PKI technologies,
Authorisation: SAML, LDAP repositories, proprietary databases,
Code security: Protecting against OWASP recognized security risks, static source code analysis,
Networking/Messaging Protocols: SSL handshake, CFT (file transfer), Web Services,
Programming Language(s): PowerShell,
Encryption fundamentals,
Vulnerability Scanning,
Intrusion Detection Technologies,
Intrusion Prevention Systems,
CIS Critical Security Controls,
Incident Management Procedures,
- Information Systems Security: ISO 27001, ISO 27002,ISO 27005 Risk Management (Information Security Risk Management), NIST framework,
- Good knowledge of MS Office products (esp. Excel)
- Fluency in both German and English is essential
Environment/Miscellaneous:
Trips to other offices in Germany (München, Duisburg, Essen) could be necessary as part of the mission.
Beginn: 01.11.2018
Dauer: 31.01.2019
Branche: Bank/Finanzen