skip to Main Content

Information Security Project Management / Business Analysis (IT-Sec PM/BA)

Předpokládaný nástup 29.10.2018
Lokalita Frankfurt
Obor Analyst - Business
Typ kontraktu Contractor

Popis zákazníka

Unser Kunde ist eine global tätige Bank mit vier Heimatmärkten in Europa – Belgien, Frankreich, Italien und Luxemburg. Weltweit ist sie mit 185.000 Mitarbeitern in 75 Ländern vertreten. In Deutschland ist unser Kunde seit 1947 aktiv und hat sich mit 13 Gesellschaften erfolgreich am Markt positioniert. Privatkunden, Unternehmen und institutionelle Kunden werden von rund 4.200 Mitarbeitern bundesweit an 19 Standorten betreut. Das breit aufgestellte Produkt- und Dienstleistungsangebot unseres Kunden entspricht nahezu dem einer Universalbank.

Váš kontakt v TTP consult

Tobias Bartholomä +49 151 65 700 132 tobias.bartholomae@ttpeurope.com

This position is part of the Cyber Security team which is serving several entities of our customer in Germany and Austria.
The mission of the IT-Sec PM/BA will be to support a series of projects which are all part of a major Cyber Security program started by the head office in Paris.

He / she will analyse existing processes and procedures and further develop these to be fully compliant with our customers' policies and procedures based on the NIST Cyber Security Framework, which has been chosen by the European Central Bank as an assessment framework for major financial institutions in the Euro zone. This way he /she will assure adequate Information Security measures are in place to be prepared against cyber-attacks / incidents.

The focus is on monitoring and controlling the Security of all the Bank’s systems/applications and processes in place (as opposed to the administration of protective IT solutions like firewalls or anti-virus scanners which are in the remit of Operational IT Security). Risk assessments, controls and testing of Information Security solutions are a major part of the daily task list. The mission includes as well the Project Management of projects which are directly improving the Security of the entity and the presentation of the current Security Risk status to the entities management.

Close cooperation is necessary with the operational IT-Security Experts, the administrating IT teams locally as well as centrally at the head offices of the served entities.

Trips to other offices in Germany (München, Duisburg, Essen) could be necessary as part of the mission.


  Responsibilities  

  • Provides security expertise for the business unit/functions in his / her area
  • Contributes to the definition and development of the Security procedures, in line with Head Office policies
  • Consideration of specific security-relevant features, constraints, guidelines and issues of his / her entity
  • Definition of road maps to achieve the security targets of his / her entity
  • Manages projects which are initiated directly by the Security team, including maintenance of a project plan, regular status reports and the preparation of project committees
  • Performs analysis of security risks and identifies the related impacts
  • Proposes appropriate security positioning to cover identified risks and impacts
  • Takes part in maintaining an up-to-date map of security risks
  • Is responsible for checking that security issues are addressed in all stages of the project life cycle (planning, production start-up, running, decommissioning, etc.) and within business processes (supports project manager and or Application Production Support to fill and maintain the Group Security Form)
  • Checks the robustness and efficiency of the security system according to the requirements defined by the Security Manager of his / her area
  • Reacts on security alerts and manages security incidents
  • Contributes to the monitoring and management of security-related nonconformities (e.g. access right management recertification and reconciliations campaigns, recertification of firewall rules)

Professional knowledge
  • Project Management knowledge
  • Knowledge of Information Security principles
  • Good knowledge of MS Office products (esp. Excel)
  • Fluency in both German and English is essential
Ideally some elements of the following:
  • Knowledge of security-related norms and standards, e.g. 
    • Authentication: SAML, Kerberos, smartcard PKI technologies
    • Authorisation: SAML, LDAP repositories, proprietary databases
    • Code security: Protecting against OWASP recognized security risks, static source code analysis
    • Networking/Messaging Protocols: SSL handshake, CFT (file transfer), Web Services
    • Programming Language(s): PowerShell
    • Encryption fundamentals
    • Vulnerability Scanning
    • Intrusion Detection Technologies
    • Intrusion Prevention Systems
    • CIS Critical Security Controls
    • Incident Management Procedures
  • Information Systems Security:
    • ISO 27001
    • ISO 27002
    • ISO 27005 Risk Management (Information Security Risk Management)
    • NIST framework

Behavioural skills

Ability to change
  • Flexibility
Communication/interpersonal skills
  • Active listener
  • Interpersonal networking ability
Communication/teamwork
  • Knowledge transfer skills
Synthesis/organisation/thoroughness
  • Ability to summarise
  • Organisational skills
  • Thoroughness and precision
Highly motivated, self-organized and team player minded candidates are preferred.

Odpovědět
Back To Top