Job Application

We are looking for one Security Management Specialist/ISO27001-Auditor for STRASBOURG (100% on-site) with EU-passport to start a 3x 1-year contract (extensions possible) for an EU-agency-client. Start date: in 2-3 months or earlier when you have an existing EU-Security-clearance.

BACKGROUND

• Our client is an international organisation and a great reference in any CV! English speaking environment.
• This role will be 100% onsite in Strasbourg as long the restrictions are lifted.
• This is a real long-term contract with possibility of extension based on performance and budget availability (initial 220 day contract, where 2x 220 day extensions are foreseen).
• EU nationals ONLY (due to the "EU" security certifications required). We can't accept any longer UK-consultants, as long they don't have EU-security-clearance or another EU-citizenship (Please note, after Brexit the UK-consultants can't get any longer "EU" security clearances, which is mandatory for this position).
• Start date in 2-3 months. Earlier when you have an existing EU-security-clearance. We will support your request to get a SC clearance but this application might delay start by some weeks.
• This position requires "security clearance level: EU SECRET". If the candidate doesn't have a Security Clearance (SC) yet, then he/she can start working, when presenting:
  - A fresh criminal record (from his/her home country), plus ID-card copy. Our company is holding "FSC - Facility Security Clearance", so we are able to guide/sponsor you through the "PSC - Personal Security Clearance" procedure.
• The applicants attention is drawn to the important role that the curriculum vitae plays in the evaluation. Curriculum vitae shall illustrate the specific skills relevant to this request.
• We would like to receive CVs of suitable candidates together with pricing quotations, based on a daily net rate including travel costs for the services described.
• Europass-CV-format (DOC) will be required at a later stage, it's mandatory, we can provide template (please don't use the online forms).

JOB DESCRIPTION

The Job Description is "general", as usual in these EU-agencies, where we will learn about the specific focus of the role in the VC interview.

TASKS

• Support the Agency's Information Security Officers in the management of information security and business continuity across organizational business processes and information systems;
• Develop security controls in the context of the agency's information security framework.
• Perform risk assessments;
• Develop Information Security Management System (ISMS)procedures;
• Develop conceptual, logical and physical security models as appropriate;
• Draft security policies, standards, procedures and guidelines in accordance with ISO27001;
• Develop security plans and documentation (eg, risk treatment plans, security test plans);
• Develop business continuity and disaster recovery plans;
• Perform security assessments and audits;
• Perform ISMS control audits;
• Perform ISMS gap assessments;
• Design security controls in accordance with agency information security policies and standards;
• Provide assistance in formal accreditation process for information systems handling EU sensitive and classified information.

SKILLS

• Minimum 4 years of relevant education (master or equivalent) after the secondary school.
• Minimum 6 years of IT professional experience, of which
• Minimum 4 years of relevant professional experience in Information Security Management.
• ISO27001 implementation, management and audit;
• Relevant standards and good practice in information security management;
• Risk management;
• Governance, Risk & Compliance (GRC) practices and controls;
• ISO27001 security control audits and assessments;
• Developing security policies, standards and guidelines in accordance with ISO27001 and EU security policies and standards;
• Design, implementation and assessments of good practice security control frameworks such as SANS Top 20 Critical Controls, OWASP Application
• Security Verification Standard;
• Secure development processes (Security and Privacy design);
• Implementation of EU data protection principles in information system design and processes.

Certificates, strongly desired:

• Certified Information Systems Security Professional (CISSP);
• Certified Information Security Manager (CISM);
• Certified Information Systems Auditor (CISA);
• ITIL/ITIL V3;
• BSI ISO27001 Lead Auditor Qualification.

PROVIDER

infom consulting is an owner-managed business and consulting firm in Germany. The company supports large corporations and larger SMEs across Europe. Our IT experts are realising projects for the European Institutions, United Nations agencies, International Organisations and multinational companies across the EU.

If this sounds of interest, then please get in touch ASAP so we can talk about the role and your experience.