Senior IT Security Officer

Attached to the CISO (RSSI) of Keytrade Bank, the ‘Security Correspondant of the information systems‘- CSSI mission consists of evaluating the exposure to risks of the enterprise information systems and ensuring that an appropriate level of protection, detection & reaction is guaranteed for these systems, actions performed in close collaboration with development and technical support teams. The CSSI will have an important role in establishing and maintaining a new security infrastructure during implementation of IAAS/SAAS/PAAS solutions.

Functional domains where the CSSI will intervene:

Security policies, standards, guidelines

●Creation and maintenance of security policies in compliance with Group policies and making sure these are understood, communicated and properly implemented.

●Creation of technical standards in line with these security policies and the implementation on both internal and externally hosted systems.

●Follow-up of evolutions within the field of information and system protection to ensure protection follows the technological evolution.

Risk analysis and risk treatment

●Identification of risks linked to the use of information systems, definition of risk reduction or risk treatment options, for both new projects and maintenance of existing applications and infrastructure.

●Analysis of security risks and coordination and follow-up of the implementation of risk treatment options in the projects.Monitoring and testing of efficiency of the implementation of these measures.

●Performance of security visit in the course of request for proposals of new IT outsourced activities.

●Verification and follow-up of compliance of suppliers, outsourcers and/or subcontractors with internal security policies and coordination of security audits.

●Define, implement and perform 2nd levels of controls to ensure the efficiency of 1st level of control for insourced and outsourced activities

●Definition of vulnerability detection and prevention exercises or scans and follow-up of the implementation of corrective actions.

Security Operational and governance tasks

• Operating several activities on security processes and solutions (SIEM/SOC, securitization of sensitive access, data leakage, IAM…).
• Produce reporting elements on his area of activities and expertise for quarterly security committees.

Modernization and industrialization of security practices and regulatory compliance

●Identification of new technologies available on the market for reduction of risk, selection of the most appropriate one and coordination of the implementation thereof.

●Definition and coordination of implementation of security tools that are in compliance with market and that respond to the security challenges linked to cloud, continuous integration and deployment (CI/CD).

●Definition of governance structure that allows an agile organization to manage its security effectiveness without causing bottlenecks or rework and coordinate the implementation of SecOps practices at Keytrade Bank.

●Follow-up on regulatory aspects linked to the use of technology and adapting the policies and requirements to a changing external environment so legal and regulatory compliance can be guaranteed.

Awareness and training

●Ensure senior management is aware of the threats and exposure to security risks relevant for Keytrade Bank.

●Follow-up of the security budget.

●Inform and train the operational departments and make sure the necessary tools and procedures are available to ensure they comply with security requirements.

Incident and Business Continuity Management

●Cooperate with involved teams to resolve incidents and define short and mid-term corrective actions.

●Maintain the Business Continuity documentation and create, maintain and follow-up test plans

●Become a crisis team member and help coordinate recovery of disaster situations

PROFILE

Minimum 10 years of experience in the field of information security.

CISSP/CISM or equivalent product independent security certification.

Experience with implementation of encryption technologies, access control and authentication systems.

Familiar with industry standards like those from OWASP, CIS, Cloud Security Alliance, ISO and regulations/directives like GDPR and PSD2.

Knowledge of and experience with security aspects of cloud architectures and automated security evaluation.

You have a working knowledge of cloud infrastructures and platforms.

The ideal candidate has an analytical mind and is able to synthesize complex matters into understandable, implementable, and cost-efficient solutions and has the ability to convince the organization of the benefits thereof with regard to risk reduction.

Pro-activity, integrity and good communication and networking skills.

Our offer

• Hybrid way of working: We are in a hybrid way of working that implements 50% tele working and 50% working from home.
• Agile way of working
• Green surroundings
• An inclusive workplace with nice colleagues
• A competitive salary package with advantages such as: