You will be: Working closely with Business Analysts , supporting the development of good business and technical requirements. Working closely with internal and external technical teams (delivery, development and test) ensuring the built solution aligns to the agreed design. Working with the Project Management Office , aligning to our delivery strategies. Working with Enterprise Architecture , aligning solutions to our technology strategies. Leading the recommendation of appropriate technologies and architectures to meet requirements for particular projects (within the constraints of Project Needs, Business Needs, Enterprise Architecture and Technology). Ensuring technology options are fully costed, and risks and benefits understood to enable effective decision-making by project teams, sponsors and subject matter experts Ensuring clear handover of agreed design to delivery teams and continued architectural support throughout the delivery and cutover of solutions. Ensuring software vendors and outsourced implementation partners meet the required technology specifications to deliver a quality product, adhering to technical governance . Building and maintaining customer and stakeholder relationships that will support our ability to deliver its mission, its reputation and remain sustainable. Being an agent of change through visible ownership, clear and consistent communication and a focus on benefits realisation . Ensuring compliance with appropriate internal and external governance including quality, health, safety, security and environmental legislation, minimising risk to the business and enhancing our reputation. We are now working in a hybrid way, with a mix of remote and office working. We strive to offer a great work life balance - if you are looking for flexible options, we will try to make this work where business possible. This will be dependent on the kind of role you do and part of the business you work in. About the Candidate Knowledge, Experience and Skills Strong solutions architecture skills and experience Knowledge and experience with hybrid cloud and on-prem environments Exposure to the cyber security aspects of solution architectures Well versed with cloud architecture frameworks and design patterns Knowledge of data architecture and exposure to the pros and cons of various forms of data storage and processing Knowledge and experience with MS Azure solution architectures (esp. IaaS, PaaS and SaaS based solutions) Experience in MS Azure Infra, Networks, Storage, Apps and Azure DevOps Experience with Azure Resource Manager, Resource Groups, Virtual Networks, Azure Virtual Machines, Azure Storage types, PowerShell DSC, Azure Automation, Azure Active Directory (Entra), and Azure Site Recovery Experience in developing and deploying cloud native applications using Azure PaaS Capabilities (App Services Plans, Key Vault, Azure Cosmos DB types) Strong communications , listening and influencing skills (diagrams, written and verbal) Experience in creating solution proposals, statement of work (SOW), presenting and articulating Strong business and technical analysis skills Ability to research existing and new solution components and blueprints to match with solution requirements Ability to use a risk based approach to recommendations on architectures Ability to tailor your approach to the given project/business area/vendor Ability to cope with ambiguity , whilst still striving for the required levels of clarity Understanding that "perfect is the enemy of good" Some experience diagramming with UML and utilising blueprint diagrams Exposure to how business works (ie you have sight outside of just the IT department) Personal Qualities Diligent , resilient and self-reliant Adaptable to different teams and environments Passionate for architecting good solutions within given constraints Self-motivated to drive your own learning (esp. in the MS Azure cloud solutions architecture space) Keen to grow knowledge in self and others through mentoring, coaching and sharing experience. Content not to reinvent the wheel, but to use existing solution sets and blueprints where available, and weave together and tailor where needed
23/04/2024
Full time
You will be: Working closely with Business Analysts , supporting the development of good business and technical requirements. Working closely with internal and external technical teams (delivery, development and test) ensuring the built solution aligns to the agreed design. Working with the Project Management Office , aligning to our delivery strategies. Working with Enterprise Architecture , aligning solutions to our technology strategies. Leading the recommendation of appropriate technologies and architectures to meet requirements for particular projects (within the constraints of Project Needs, Business Needs, Enterprise Architecture and Technology). Ensuring technology options are fully costed, and risks and benefits understood to enable effective decision-making by project teams, sponsors and subject matter experts Ensuring clear handover of agreed design to delivery teams and continued architectural support throughout the delivery and cutover of solutions. Ensuring software vendors and outsourced implementation partners meet the required technology specifications to deliver a quality product, adhering to technical governance . Building and maintaining customer and stakeholder relationships that will support our ability to deliver its mission, its reputation and remain sustainable. Being an agent of change through visible ownership, clear and consistent communication and a focus on benefits realisation . Ensuring compliance with appropriate internal and external governance including quality, health, safety, security and environmental legislation, minimising risk to the business and enhancing our reputation. We are now working in a hybrid way, with a mix of remote and office working. We strive to offer a great work life balance - if you are looking for flexible options, we will try to make this work where business possible. This will be dependent on the kind of role you do and part of the business you work in. About the Candidate Knowledge, Experience and Skills Strong solutions architecture skills and experience Knowledge and experience with hybrid cloud and on-prem environments Exposure to the cyber security aspects of solution architectures Well versed with cloud architecture frameworks and design patterns Knowledge of data architecture and exposure to the pros and cons of various forms of data storage and processing Knowledge and experience with MS Azure solution architectures (esp. IaaS, PaaS and SaaS based solutions) Experience in MS Azure Infra, Networks, Storage, Apps and Azure DevOps Experience with Azure Resource Manager, Resource Groups, Virtual Networks, Azure Virtual Machines, Azure Storage types, PowerShell DSC, Azure Automation, Azure Active Directory (Entra), and Azure Site Recovery Experience in developing and deploying cloud native applications using Azure PaaS Capabilities (App Services Plans, Key Vault, Azure Cosmos DB types) Strong communications , listening and influencing skills (diagrams, written and verbal) Experience in creating solution proposals, statement of work (SOW), presenting and articulating Strong business and technical analysis skills Ability to research existing and new solution components and blueprints to match with solution requirements Ability to use a risk based approach to recommendations on architectures Ability to tailor your approach to the given project/business area/vendor Ability to cope with ambiguity , whilst still striving for the required levels of clarity Understanding that "perfect is the enemy of good" Some experience diagramming with UML and utilising blueprint diagrams Exposure to how business works (ie you have sight outside of just the IT department) Personal Qualities Diligent , resilient and self-reliant Adaptable to different teams and environments Passionate for architecting good solutions within given constraints Self-motivated to drive your own learning (esp. in the MS Azure cloud solutions architecture space) Keen to grow knowledge in self and others through mentoring, coaching and sharing experience. Content not to reinvent the wheel, but to use existing solution sets and blueprints where available, and weave together and tailor where needed
Request Technology - Craig Johnson
Chicago, Illinois
*Position is bonus eligible* Prestigious Financial Company is currently seeking an Information Data Governance and Protection Analyst. Candidate will be responsible for supporting the development and implementation of the information governance, data protection, and privacy program. This includes supporting the development of strategies, policies, procedures, and controls related to the governance and protection of information throughout its life cycle. In addition, the role will work with stakeholders to define the information governance, data protection, and privacy requirements; will facilitate compliance with the identified requirements to control risk; will represent the program to internal and external stakeholders; and will support the development and implementation of training and awareness programs. This role will focus on compliance with applicable regulatory and legal rules and requirements (ie SEC-Regulation SCI, CFTC-System Safeguards, etc.) as they relate to information including support of regulatory exam and Internal Audit remediation planning, tracking, and mitigation. Responsibilities: Work with appropriate stakeholders and across the organization to create a culture that manages information as an enterprise asset Implementation of the information governance, data protection, and privacy program including the development of policies, procedures, and job aids Identification, implementation, and use of technologies to support program objectives and classification standards Execution of controls and risk assessments (eg, third-party risk, privacy, data protection) Responsible in performing the privacy impact assessment on data incidents and working with relevant stakeholders like Security Services and Legal to help closing the incident. Creation and execution of strategies to identify information across the organization and throughout its life cycle Preparation of program for regulatory and internal audits/examinations and timely remediation of any findings Use of technology/tools to track projects, manage deliverables and create reporting that support the program and its objectives Support of compliance assessments for information governance, data protection, and privacy including development of controls to measure risk Development and maintenance of the organization's Records and Information Management (RIM) program, ensuring information across all media and formats is properly retained and disposed including remediation of Legacy information Ensure retention, disposition, protection, and classification are addressed in new applications, platforms, and systems Collaborate with internal and external stakeholders to implement information governance, data protection, and privacy policies and requirements Support and develop training and awareness programs for information governance, data protection, and privacy. Identify trends in privacy and regulatory requirements, compliance enforcement, and action the necessary changes in the program. Qualifications: Strong interest in understanding and solving data challenges with experience in information governance, data protection, and privacy policy Knowledge of and work experience with enterprise systems, networks, databases, and other technical domains Strong attention to detail, customer orientation, communication, and presentation skills including the ability to listen and quickly translate business needs into solutions and build effective working relationships Strong experience in building the capabilities for auto data classification, data security and data protection. Experience with classification standard definitions and settings Experience with Privacy requirements and work with personal information and its protection Strong strategic thinking, problem solving, and analytic skills Utilize metrics as means to improve performance Ability to adapt to change in emerging environments and work across multiple areas Experience in developing policies and procedures Experience in project management, project execution, and managing multiple priorities in a timeline driven environment Experience working in a highly regulated environment including an understanding of audit and compliance requirements Office 365 (Word, Excel, PowerPoint) Experience with systems supporting Compliance, Risk, Audit, Privacy, and Management such as ServiceNow, Archer, etc. Project/Program Management Business Intelligence tool experience Bachelor's degree or higher in information management, information systems, law, computer science or BA/BS in another discipline with equivalent experience Experience in the financial services industry Certifications Preferred: Certifications in Information, Data, Privacy Records or Security such as: Certified Information Privacy Professional (CIPP), Certified Information Privacy Management (CIPM), Certified Records Manager (CRM), and/or Certified Information Privacy Technologist (CIPT), Certified Information Systems Security Professional (CISSP), Information Governance Professional (IGP), Certified Information Security Manager (CISM) and Certified Information Systems Auditor (CISA)
22/04/2024
Full time
*Position is bonus eligible* Prestigious Financial Company is currently seeking an Information Data Governance and Protection Analyst. Candidate will be responsible for supporting the development and implementation of the information governance, data protection, and privacy program. This includes supporting the development of strategies, policies, procedures, and controls related to the governance and protection of information throughout its life cycle. In addition, the role will work with stakeholders to define the information governance, data protection, and privacy requirements; will facilitate compliance with the identified requirements to control risk; will represent the program to internal and external stakeholders; and will support the development and implementation of training and awareness programs. This role will focus on compliance with applicable regulatory and legal rules and requirements (ie SEC-Regulation SCI, CFTC-System Safeguards, etc.) as they relate to information including support of regulatory exam and Internal Audit remediation planning, tracking, and mitigation. Responsibilities: Work with appropriate stakeholders and across the organization to create a culture that manages information as an enterprise asset Implementation of the information governance, data protection, and privacy program including the development of policies, procedures, and job aids Identification, implementation, and use of technologies to support program objectives and classification standards Execution of controls and risk assessments (eg, third-party risk, privacy, data protection) Responsible in performing the privacy impact assessment on data incidents and working with relevant stakeholders like Security Services and Legal to help closing the incident. Creation and execution of strategies to identify information across the organization and throughout its life cycle Preparation of program for regulatory and internal audits/examinations and timely remediation of any findings Use of technology/tools to track projects, manage deliverables and create reporting that support the program and its objectives Support of compliance assessments for information governance, data protection, and privacy including development of controls to measure risk Development and maintenance of the organization's Records and Information Management (RIM) program, ensuring information across all media and formats is properly retained and disposed including remediation of Legacy information Ensure retention, disposition, protection, and classification are addressed in new applications, platforms, and systems Collaborate with internal and external stakeholders to implement information governance, data protection, and privacy policies and requirements Support and develop training and awareness programs for information governance, data protection, and privacy. Identify trends in privacy and regulatory requirements, compliance enforcement, and action the necessary changes in the program. Qualifications: Strong interest in understanding and solving data challenges with experience in information governance, data protection, and privacy policy Knowledge of and work experience with enterprise systems, networks, databases, and other technical domains Strong attention to detail, customer orientation, communication, and presentation skills including the ability to listen and quickly translate business needs into solutions and build effective working relationships Strong experience in building the capabilities for auto data classification, data security and data protection. Experience with classification standard definitions and settings Experience with Privacy requirements and work with personal information and its protection Strong strategic thinking, problem solving, and analytic skills Utilize metrics as means to improve performance Ability to adapt to change in emerging environments and work across multiple areas Experience in developing policies and procedures Experience in project management, project execution, and managing multiple priorities in a timeline driven environment Experience working in a highly regulated environment including an understanding of audit and compliance requirements Office 365 (Word, Excel, PowerPoint) Experience with systems supporting Compliance, Risk, Audit, Privacy, and Management such as ServiceNow, Archer, etc. Project/Program Management Business Intelligence tool experience Bachelor's degree or higher in information management, information systems, law, computer science or BA/BS in another discipline with equivalent experience Experience in the financial services industry Certifications Preferred: Certifications in Information, Data, Privacy Records or Security such as: Certified Information Privacy Professional (CIPP), Certified Information Privacy Management (CIPM), Certified Records Manager (CRM), and/or Certified Information Privacy Technologist (CIPT), Certified Information Systems Security Professional (CISSP), Information Governance Professional (IGP), Certified Information Security Manager (CISM) and Certified Information Systems Auditor (CISA)
The Armament supervisor is responsible to the Armament lead and should be an experienced and skilled technician undertaking a range of detailed maintenance activities on aircraft equipment and/or aircraft components. The post holder should have an excellent understanding of the construct of the approved Technical Information set and is competent to supervise personnel who are working on maintenance instructions and in accordance with the organisation's Regulatory Framework and should be able to demonstrate a distinct ability to analyse and diagnose faults to equipment & assemblies, follow diagnostic procedures and work effectively within a team providing guidance to less experienced team members in a diverse and dynamic operational environment. Responsible for maintaining airworthiness through appropriate task delegation and authorisation on an aircraft or aircraft component. Responsible for meeting agreed delivery targets at a tactical level. Demonstrates people management and leadership skills Demonstrates awareness of broader external dependencies and identifies areas for continuous improvement. In addition the Post Holder shall hold certain privileges delegated from the Maintenance Manager. RequirementsCore Activities: Undertake detailed maintenance, inspection and supervision activities of aircraft components. Assuring work carried out has been completed in accordance with the SOW/Work package using the relevant approved technical information. Resolving faults and maintenance issues, including an awareness of configuration management. Undertake and complete tasked maintenance & diagnostic activities on weapons systems/components which will include, as appropriate, component removals, inspections, repairs, modifications, fault rectifications, replacements and/or functional/system test. Will be responsible for the operational output of each Component MRO Workshop under their control in line with agreed customer requirements. Post holder will also have responsibilities for the cost and schedule adherence of the component maintenance activities. Supervise team to ensure that maintenance is undertaken to schedule and highlight any issues, escalate as required. Report on any impact to the wider programme. Responsible for meeting agreed delivery targets in the short to medium term through the supervision of others. Progress reporting against delivery targets to management. Undertake support tasks within the component maintenance facility which are required to maintain compliance with the MOE and AMC procedures (eg oversight checks, control of tooling/test equipment etc.) Undertake fault evaluation and raise ad hoc work cards and for found faults' during maintenance. Ability to scope and carry out independent and vital inspections. Maintain personal & teams task authorisation for working on components in accordance with AMC requirements. Required to provide support and guidance, including allocation of tasks to appropriately authorised maintenance technicians. Provide effective leadership and supervision to team members under your direct supervision. Key Activities: Performance indicators - Ensure the effective management of Part 145 activities by setting delivery targets, monitoring progress and developing performance improvement programmes. Prioritises activities within/across teams to maximise efficiency. Represents the Maintenance Manager at management reviews, where necessary. Responsible for the assessment of escalated issues for any impact on Continuing Airworthiness and generating effective resolution, or sponsoring escalation to management, as appropriate. Completion of activities - Ensure all Part 145 activities are appropriately documented and airworthiness records are maintained on relevant systems (IT/paper based). Ensure all Part 145 activities are performed by suitably qualified, experienced and authorised personnel. Ensure the integration of Part 145 activity within the business, including the engagement of key stakeholders at all stages of the process. Provide support and guidance to the team(s). Procedure/standards - Manage the Part 145 team(s) compliance with the Part 145 Exposition, its associated procedures and standards, and any other Company procedures and standards, as applicable. Identify, propose and implement change as required, whilst ensuring compliance. Safety Management System - Promote the application of Human Factors, Error Management, Risk Management and Safety Assurance within the Part 145 team(s), together with the proactive analysis, mitigation and management of Hazards. Management System Assurance - Ensure Part 145 team(s) activities are compliant with the AM&S Governance and Assurance framework. Ensure Process Confirmations and independent assurance audits are supported by Part 145 personnel and integrated within/across teams. Manage the response to audit findings in a timely and appropriate manner and provide information into the relevant reviews. Generate and implement effective improvements within/across teams to overcome any non-compliance and monitor effectiveness. Statutory/Regulatory & Legislative requirements - Able to demonstrate a good understanding and application of the relevant Continuing Airworthiness Regulatory framework, and ensure any Regulatory-driven changes are implemented within the Part 145 team(s) activities. Ensure compliance with all other requirements, eg ITAR, EaPW, ISO, etc. Contractual Requirements - Ensure compliance with all applicable contractual requirements, eg through support to contract reviews, and ensure any changes are implemented into the Part 145 activities, as appropriate. Requirements: Completion of an Engineering Apprenticeship, ideally in Aeronautical Engineering or Military equivalent apprenticeship/qualifications. Academic qualification for this role is a minimum of City & Guilds 2675 or 2661 in Aeronautical Engineering and Maintenance or equivalent. Experienced and competent leader at this level. Typically 2+ years' experience including type, classed as fully competent with all required 'Authorities' in place. Demonstrating breadth of experience, currency & recency via a Log Book (electronic or paper) capturing skills, knowledge and authorities for working on Aircraft type or in bays. Practical experience and expertise in the application of aviation safety standards and safe operating practices. A comprehensive knowledge of the Acceptable Means of Compliance. Management training. Leadership- Foundation. Human Factors- Standard Course Specification. E&PW Awareness- Standard Course Specification. ITAR Awareness- Standard Course Specification. Benefits Competitive Basic Salary 25 Days Annual Leave Annual Bonus On site Parking Pension Scheme Life Assurance
18/04/2024
Full time
The Armament supervisor is responsible to the Armament lead and should be an experienced and skilled technician undertaking a range of detailed maintenance activities on aircraft equipment and/or aircraft components. The post holder should have an excellent understanding of the construct of the approved Technical Information set and is competent to supervise personnel who are working on maintenance instructions and in accordance with the organisation's Regulatory Framework and should be able to demonstrate a distinct ability to analyse and diagnose faults to equipment & assemblies, follow diagnostic procedures and work effectively within a team providing guidance to less experienced team members in a diverse and dynamic operational environment. Responsible for maintaining airworthiness through appropriate task delegation and authorisation on an aircraft or aircraft component. Responsible for meeting agreed delivery targets at a tactical level. Demonstrates people management and leadership skills Demonstrates awareness of broader external dependencies and identifies areas for continuous improvement. In addition the Post Holder shall hold certain privileges delegated from the Maintenance Manager. RequirementsCore Activities: Undertake detailed maintenance, inspection and supervision activities of aircraft components. Assuring work carried out has been completed in accordance with the SOW/Work package using the relevant approved technical information. Resolving faults and maintenance issues, including an awareness of configuration management. Undertake and complete tasked maintenance & diagnostic activities on weapons systems/components which will include, as appropriate, component removals, inspections, repairs, modifications, fault rectifications, replacements and/or functional/system test. Will be responsible for the operational output of each Component MRO Workshop under their control in line with agreed customer requirements. Post holder will also have responsibilities for the cost and schedule adherence of the component maintenance activities. Supervise team to ensure that maintenance is undertaken to schedule and highlight any issues, escalate as required. Report on any impact to the wider programme. Responsible for meeting agreed delivery targets in the short to medium term through the supervision of others. Progress reporting against delivery targets to management. Undertake support tasks within the component maintenance facility which are required to maintain compliance with the MOE and AMC procedures (eg oversight checks, control of tooling/test equipment etc.) Undertake fault evaluation and raise ad hoc work cards and for found faults' during maintenance. Ability to scope and carry out independent and vital inspections. Maintain personal & teams task authorisation for working on components in accordance with AMC requirements. Required to provide support and guidance, including allocation of tasks to appropriately authorised maintenance technicians. Provide effective leadership and supervision to team members under your direct supervision. Key Activities: Performance indicators - Ensure the effective management of Part 145 activities by setting delivery targets, monitoring progress and developing performance improvement programmes. Prioritises activities within/across teams to maximise efficiency. Represents the Maintenance Manager at management reviews, where necessary. Responsible for the assessment of escalated issues for any impact on Continuing Airworthiness and generating effective resolution, or sponsoring escalation to management, as appropriate. Completion of activities - Ensure all Part 145 activities are appropriately documented and airworthiness records are maintained on relevant systems (IT/paper based). Ensure all Part 145 activities are performed by suitably qualified, experienced and authorised personnel. Ensure the integration of Part 145 activity within the business, including the engagement of key stakeholders at all stages of the process. Provide support and guidance to the team(s). Procedure/standards - Manage the Part 145 team(s) compliance with the Part 145 Exposition, its associated procedures and standards, and any other Company procedures and standards, as applicable. Identify, propose and implement change as required, whilst ensuring compliance. Safety Management System - Promote the application of Human Factors, Error Management, Risk Management and Safety Assurance within the Part 145 team(s), together with the proactive analysis, mitigation and management of Hazards. Management System Assurance - Ensure Part 145 team(s) activities are compliant with the AM&S Governance and Assurance framework. Ensure Process Confirmations and independent assurance audits are supported by Part 145 personnel and integrated within/across teams. Manage the response to audit findings in a timely and appropriate manner and provide information into the relevant reviews. Generate and implement effective improvements within/across teams to overcome any non-compliance and monitor effectiveness. Statutory/Regulatory & Legislative requirements - Able to demonstrate a good understanding and application of the relevant Continuing Airworthiness Regulatory framework, and ensure any Regulatory-driven changes are implemented within the Part 145 team(s) activities. Ensure compliance with all other requirements, eg ITAR, EaPW, ISO, etc. Contractual Requirements - Ensure compliance with all applicable contractual requirements, eg through support to contract reviews, and ensure any changes are implemented into the Part 145 activities, as appropriate. Requirements: Completion of an Engineering Apprenticeship, ideally in Aeronautical Engineering or Military equivalent apprenticeship/qualifications. Academic qualification for this role is a minimum of City & Guilds 2675 or 2661 in Aeronautical Engineering and Maintenance or equivalent. Experienced and competent leader at this level. Typically 2+ years' experience including type, classed as fully competent with all required 'Authorities' in place. Demonstrating breadth of experience, currency & recency via a Log Book (electronic or paper) capturing skills, knowledge and authorities for working on Aircraft type or in bays. Practical experience and expertise in the application of aviation safety standards and safe operating practices. A comprehensive knowledge of the Acceptable Means of Compliance. Management training. Leadership- Foundation. Human Factors- Standard Course Specification. E&PW Awareness- Standard Course Specification. ITAR Awareness- Standard Course Specification. Benefits Competitive Basic Salary 25 Days Annual Leave Annual Bonus On site Parking Pension Scheme Life Assurance
We are looking for one Security Management Specialist/ISO27001-Auditor for STRASBOURG (100% on-site) with EU-passport to start a 3x 1-year contract (extensions possible) for an EU-agency-client. Start date: in 2-3 months or earlier when you have an existing EU-Security-clearance. BACKGROUND Our client is an international organisation and a great reference in any CV! English speaking environment. This role will be 100% onsite in Strasbourg as long the restrictions are lifted. This is a real long-term contract with possibility of extension based on performance and budget availability (initial 220 day contract, where 2x 220 day extensions are foreseen). EU nationals ONLY (due to the "EU" security certifications required). We can't accept any longer UK-consultants, as long they don't have EU-security-clearance or another EU-citizenship (Please note, after Brexit the UK-consultants can't get any longer "EU" security clearances, which is mandatory for this position). Start date in 2-3 months. Earlier when you have an existing EU-security-clearance . We will support your request to get a SC clearance but this application might delay start by some weeks. This position requires "security clearance level: EU SECRET". If the candidate doesn't have a Security Clearance (SC) yet, then he/she can start working, when presenting: - A fresh criminal record (from his/her home country), plus ID-card copy. Our company is holding "FSC - Facility Security Clearance", so we are able to guide/sponsor you through the "PSC - Personal Security Clearance" procedure. The applicants attention is drawn to the important role that the curriculum vitae plays in the evaluation. Curriculum vitae shall illustrate the specific skills relevant to this request. We would like to receive CVs of suitable candidates together with pricing quotations, based on a daily net rate including travel costs for the services described. Europass-CV-format (DOC) will be required at a later stage, it's mandatory, we can provide template (please don't use the online forms). JOB DESCRIPTION The Job Description is "general", as usual in these EU-agencies, where we will learn about the specific focus of the role in the VC interview. TASKS Support the Agency's Information Security Officers in the management of information security and business continuity across organizational business processes and information systems; Develop security controls in the context of the agency's information security framework. Perform risk assessments; Develop Information Security Management System (ISMS)procedures; Develop conceptual, logical and physical security models as appropriate; Draft security policies, standards, procedures and guidelines in accordance with ISO27001; Develop security plans and documentation (eg, risk treatment plans, security test plans); Develop business continuity and disaster recovery plans; Perform security assessments and audits; Perform ISMS control audits; Perform ISMS gap assessments; Design security controls in accordance with agency information security policies and standards; Provide assistance in formal accreditation process for information systems handling EU sensitive and classified information. SKILLS Minimum 4 years of relevant education (master or equivalent) after the secondary school. Minimum 6 years of IT professional experience, of which Minimum 4 years of relevant professional experience in Information Security Management. I SO27001 implementation, management and audit; Relevant standards and good practice in information security management; Risk management; Governance, Risk & Compliance (GRC) practices and controls; ISO27001 security control audits and assessments; Developing security policies, standards and guidelines in accordance with ISO27001 and EU security policies and standards; Design, implementation and assessments of good practice security control frameworks such as SANS Top 20 Critical Controls, OWASP Application Security Verification Standard; Secure development processes (Security and Privacy design); Implementation of EU data protection principles in information system design and processes. Certificates, strongly desired: Certified Information Systems Security Professional ( CISSP ); Certified Information Security Manager (CISM); Certified Information Systems Auditor (CISA); ITIL/ITIL V3; BSI ISO27001 Lead Auditor Qualification. PROVIDER infom consulting is an owner-managed business and consulting firm in Germany. The company supports large corporations and larger SMEs across Europe. Our IT experts are realising projects for the European Institutions, United Nations agencies, International Organisations and multinational companies across the EU. If this sounds of interest, then please get in touch ASAP so we can talk about the role and your experience.
18/04/2024
Project-based
We are looking for one Security Management Specialist/ISO27001-Auditor for STRASBOURG (100% on-site) with EU-passport to start a 3x 1-year contract (extensions possible) for an EU-agency-client. Start date: in 2-3 months or earlier when you have an existing EU-Security-clearance. BACKGROUND Our client is an international organisation and a great reference in any CV! English speaking environment. This role will be 100% onsite in Strasbourg as long the restrictions are lifted. This is a real long-term contract with possibility of extension based on performance and budget availability (initial 220 day contract, where 2x 220 day extensions are foreseen). EU nationals ONLY (due to the "EU" security certifications required). We can't accept any longer UK-consultants, as long they don't have EU-security-clearance or another EU-citizenship (Please note, after Brexit the UK-consultants can't get any longer "EU" security clearances, which is mandatory for this position). Start date in 2-3 months. Earlier when you have an existing EU-security-clearance . We will support your request to get a SC clearance but this application might delay start by some weeks. This position requires "security clearance level: EU SECRET". If the candidate doesn't have a Security Clearance (SC) yet, then he/she can start working, when presenting: - A fresh criminal record (from his/her home country), plus ID-card copy. Our company is holding "FSC - Facility Security Clearance", so we are able to guide/sponsor you through the "PSC - Personal Security Clearance" procedure. The applicants attention is drawn to the important role that the curriculum vitae plays in the evaluation. Curriculum vitae shall illustrate the specific skills relevant to this request. We would like to receive CVs of suitable candidates together with pricing quotations, based on a daily net rate including travel costs for the services described. Europass-CV-format (DOC) will be required at a later stage, it's mandatory, we can provide template (please don't use the online forms). JOB DESCRIPTION The Job Description is "general", as usual in these EU-agencies, where we will learn about the specific focus of the role in the VC interview. TASKS Support the Agency's Information Security Officers in the management of information security and business continuity across organizational business processes and information systems; Develop security controls in the context of the agency's information security framework. Perform risk assessments; Develop Information Security Management System (ISMS)procedures; Develop conceptual, logical and physical security models as appropriate; Draft security policies, standards, procedures and guidelines in accordance with ISO27001; Develop security plans and documentation (eg, risk treatment plans, security test plans); Develop business continuity and disaster recovery plans; Perform security assessments and audits; Perform ISMS control audits; Perform ISMS gap assessments; Design security controls in accordance with agency information security policies and standards; Provide assistance in formal accreditation process for information systems handling EU sensitive and classified information. SKILLS Minimum 4 years of relevant education (master or equivalent) after the secondary school. Minimum 6 years of IT professional experience, of which Minimum 4 years of relevant professional experience in Information Security Management. I SO27001 implementation, management and audit; Relevant standards and good practice in information security management; Risk management; Governance, Risk & Compliance (GRC) practices and controls; ISO27001 security control audits and assessments; Developing security policies, standards and guidelines in accordance with ISO27001 and EU security policies and standards; Design, implementation and assessments of good practice security control frameworks such as SANS Top 20 Critical Controls, OWASP Application Security Verification Standard; Secure development processes (Security and Privacy design); Implementation of EU data protection principles in information system design and processes. Certificates, strongly desired: Certified Information Systems Security Professional ( CISSP ); Certified Information Security Manager (CISM); Certified Information Systems Auditor (CISA); ITIL/ITIL V3; BSI ISO27001 Lead Auditor Qualification. PROVIDER infom consulting is an owner-managed business and consulting firm in Germany. The company supports large corporations and larger SMEs across Europe. Our IT experts are realising projects for the European Institutions, United Nations agencies, International Organisations and multinational companies across the EU. If this sounds of interest, then please get in touch ASAP so we can talk about the role and your experience.