Function description |
Develop, Implement and Maintain ICT Controls (with a particular focus on ICT Controls in Payments domain)
As an IT and Cyber Control and Compliance Officer you will carry on the activities listed below:
- Understand the payment engine flow and the IT assets involved;
- Assist in identifying and designing controls;
- Coordinate and monitor the execution of the first-line controls;
- Assure the quality of the provided evidence;
- Test the effectiveness of controls and provide advice on the improvement of existing ICT controls.
- Report the results of first-line controls to management and to stakeholders (including Internal Audit);
- Follow up on the status of remediation actions related to these controls;
Contribute to creating/updating procedures and/or standards:
- Identify impacted assets and processes upon policy & control changes;
- Allocate the implementation roles and responsibilities for each security requirement;
- Get implementers’ acceptance on the roles and responsibilities allocated to them.
|
Language requirements |
Dutch |
Good speaking and writing (optional) |
French |
Fluent speaking and writing (mandatory) |
English |
Fluent speaking and writing (mandatory) |
Education |
Master's degree in IT or science or an engineering degree, with a strong IT background or proven equivalent experience / skills in the area. |
Certification |
(Preferable) Certifications in ISO27k series, Information Systems Security Professional CISSP, CISA… |
Required experience / knowledge |
2-5 years of experience in Information Security and in IT process management. |
Technical experience |
mandatory |
- 2-5 years’ experience in IT and security technology and processes
- Experience in Metrics definition and dashboarding;
- Good knowledge of Excel (pivot tables, formulas) and Word, PPT;
- Knowledge of SharePoint (as a user)
- 2 years’ experience in designing and implementing IT generic controls (good knowledge of Identity & Access Management);
- Skills in coordination of / collaboration with different teams and external resources.
- Experience with regulatory requirements, ISO/IEC standards (e.g. 27001 Information Security Management Standard, …), laws and regulations (CHAPS, CIS);
|
preferable |
- Experience in developing and implementing policies and / or processes in IT area;
- Certified ISO27001 Lead Implementer;
- Knowledge of NIST control framework, PCI Standard, CIS20, SIG;
- Knowledge of GRC Tools such as RSA Archer;
- Project Management/coordination skills
- Knowledge of Agile Methodology
|
Business experience |
mandatory |
- 2-5 years’ experience in IT and Information Security environments;
- Capability to quickly understand end-to-end process flows and control needs;
- Experience in drafting reports and memos, and in reports and presentations addressed to senior management.
|
preferable |
- Preference will be given to candidates who have good knowledge / practical experience of different bank entities / processes if possible.
|
Soft skills |
- Quick self-starter, pro-active attitude; team player;
- Highly productive and able to deliver within agreed deadlines
- Excellent English writing skills;
- Strong analytical skills and detail oriented.
- Ability to produce structured and concise documents;
- Ability to work in a dynamic and multi-cultural environment;
- Able to manage and prioritize tasks running in parallel.
|