[INTERIM] Operational IT Security Manager

The IT Security Manager will effectively implement and control the information security strategy, related to safety, compliance and security, and the protection of assets, to secure Confidentiality, Integrity and Availability of all information belonging to cutomer and stored in IT/OT systems. The IT Security Manager is responsible for the management, implementation and oversight of all security operations in support of staff and activities. Control IT risk to meet the business and compliance requirements of the organization and engage in adequate planning to detect, investigate, respond and recover from information security incidents to minimize business impact. The IT Security Manager reports to the Corporate Information Security Officer (CISO).

Key Accountabilities

  • Monitor and report on the information security incident process to the CISO and the Manager Operational IT Delivery in order to ensure high quality and timely delivery of IT services.
  • Monitor and report on the execution of the security information management process to the the CISO and Manager Operational IT Delivery in order to ensure high quality and timely service.
  • Manage and coordinate IT security operations ensuring that IT security procedures, policies and compliance are implemented and followed as per department and per terminal.
  • Contribute to the CISO coordination of security incidents emergency / crisis management by providing a timely and coherent response to incidents as they arise.
  • Provide additional operational support and guidance to the divisional information security managers and other teams as required.
  • Audit and review implementation and compliance of security policies, procedures and standards.
  • Handle security incidents (i.e. compromised information, virus infections, systems unavailability and data integrity problems).
  • Support CISO in defining and implementing Information Risk Management (IRM) policies, standards and processes/procedures.

Risk Assessment

  • Perform Business Impact Assessment
  • Perform Cloud Risk Assessments
  • Assess vendors
  • Assess Changes

Projects

  • Consultancy role and project participation
  • Assess solutions and designs
  • Consult on security findings of penetration tests
  • Guide POC's

Service Coordination Security Tooling

  • Develop and improve tooling
  • Promote security tooling and capabilities in org.

Security Operations

  • Incident response
  • 'Blue team' defensive hacking
  • Vulnerability/audit findings follow up
  • Security Reporting
  • Security Monitoring of firewalls and internet proxy
  • Manage security policies of IDS/IPS and internet proxy
  • Verify (privileged) accounts use
  • Compliance patch and update management of OS, software and Anti-Virus
  • Threat analysis

GRC/IT Control Framework

  • Follow up remediation tasks
  • Chase task follow up
  • Improve framework
  • Enlarge scope
  • Increase acceptance and user-friendliness

Security Testing

  • Coordinate penetration tests
  • Perform web application security tests
  • Perform blue team tests (exploit vulnerability)
  • Perform security observation round

Awareness

  • Presentations
  • Phishing campaigns
  • Publications on the Intranet and screens

Documentation

  • Create and initiate procedures
  • Edit and review policies and standards
  • Knowledge input and education
  • Attend security conferences
  • Follow news and developments
  • Read external reports

Required qualifications and experience

  • CISSP Information Security certification (a must)
  • CISM (Certified Information Security Manager)
  • IT Service Management process knowledge
  • Knowledge of COBIT, NIST, ISO/IEC 27001 and 27002, and ISA/IEC-62443
  • Higher vocational education

Details

DienstverbandInterim
Uren per weekFull Time
RegioZuid Holland
NiveauSenior
OpleidingsniveauHBO, WO
KwalificatiesCISSP