AWS Security Architect
Website OneSource Consulting
TITLE: AWS Security Architect
LOCATION: Brussels, Belgium
DURATION: 12 months
This is Connecting’s ‘old’ application; they have not found a suitable candidate this way.
RESULT AREA 1: Define a security policy
Objective: Design and implement a security policy with the aim of having a clear methodology and approach regarding information and ICT security within the organization, both in terms of physical and electronic information security.
Establish and maintain procedures regarding information security (both general and for a specific target group and / or for certain information systems)
Documenting and maintaining the various information security procedures
Continuously searching for new information security solutions to optimize information security policy.
RESULT AREA 2: Risk assessment and risk treatment
Objective: Continuous assessment of the security risks and needs surrounding the information that is specific to the organization and that concerns the use and processing of personal data, in order to be able to take the necessary control measures.
Analyzing current and future risks related to information and information systems to avoid structural risks or to reduce them to an acceptable level.
Investigate breaches of security procedures to find security leaks and avoid problems in the future.
Carry out tests (or have them carried out) to be able to estimate the risks with regard to safety in the future and to make adjustments where necessary.
RESULT AREA 3: Supervision and control
Objective: To supervise and control the logical and physical security of data, in order to be able to ensure the day-to-day security of the exchange of privacy-sensitive data (information security).
Monitoring that information security procedures are followed to maintain a coherent information security policy within the organization.
RESULT AREA 4: Communication and consultation
Objective: Communication and consultation with all possible parties involved with the aim of creating support and shared understanding and application regarding information security.
Sub-activities:
continuous consultation with the safety team
communicate about existing needs, possible blind spots and opportunities for improvement
attending various consultation forums (management, project, experts, etc.)
Monitor information security aspects in the context of ICT projects to minimize information security risks.
Providing organization-wide advice on information security and awareness-raising.
RESULT AREA 5: Knowledge of the field
Purpose: Keeping up with trends and developments in the field and regulations in order to pursue a legally correct and efficient safety policy.
Carry out study work to know the most recent evolutions and obligations in the field and the working methods.
Researching the applicability of new methods and technologies.
Participate in the development of knowledge management around information security.
Represent the organization on various forums on information security.
Make an active contribution to the changes necessary for the further professionalization and increase of the quality of information security in the organization.
If required by the operation of the service or the organization as a whole, additional responsibilities may be temporarily assigned in consultation.
– Higher education (Master or Bachelor) with technical / engineering background or equivalent through experience.
– Demonstrable security expertise with extensive operational experience, e.g. for supporting the DPO / CISO of the Flemish Government, and leading civil servants or other policymakers with security oversight.
– Demonstrable expertise in a specific knowledge domain of information security
– Demonstrable experience in analyzing, optimizing and documenting security processes and governance, those of the Flemish government in particular (after induction period)
– Demonstrable experience in both functional and technical environments in which the projects are situated.
– At least 5 years of relevant experience
– Knowledge and experience via certificates depending on the domain of expertise (eg CISM, CISSP, CEH) is a plus.
– Enabling the preparation of new and optimizing existing business processes through knowledge of the security application domain, security strategies and goals of the customer
– Development and follow-up of vision, organization – business strategy and roadmap, within the identified business objectives
– Excellent knowledge of security management techniques and / or frameworks (eg: ISO27000 series, COBIT for Security, NIST, OWASP, CIS Critical Security Controls for Effective Cyber Defense)
– To be able to transfer expert knowledge
– Knowledge of specific security tooling for vulnerability analysis, pen testing, PAM (eg CyberArk), Encryption (eg Vormetric).
– Knowledge of MS Office such as PowerPoint, Excel, Visio
– Knowledge and understanding of highly complex and varied systems, environments and problems related to information security;
– Proven experience with information security controls, mitigating measures and with methods to measure their effect;
– Strong analytical skills, good organizational talent and resistant to stress;
– Experience with mapping and managing risks related to cloud services such as AWS, Azure or other IaaS, PaaS or SaaS services;
– Be familiar with the possibilities of setting up and managing technology related to IT security such as firewalls, network protocols, user access management, intrusion detection and prevention systems, …