Mission:
Mission context
Replacement of a departing internal resource for 6 months
Mission objectives and tasks
Manage the Governance & Build team (4 people) of the Security Department, which is in charge of:
Security architecture: organizing and documenting the security model of the Company, advising projects on security-related decisions
Risk management: identifying, assessing and addressing risks
IT security compliance: aligning the practices with our compliance needs and goals
Security project management: orchestrating the implementation of solutions and processes
Propose key elements of the information security strategy, and drive its implementation
Monitor security trends, and discuss these with the SOC and the Red Team
Identify needs and gaps in the company together with the Red Team
Propose security projects to be carried out
Defend proposed projects with a risk- and fact-based approach
Plan and deploy operations for strategy roll-out
Compare market solutions in order to propose the most suitable one
Follow up on the implementation of security solutions
Communicate on security
Drive broad security awareness campaigns
Advocate the importance of information security to key stakeholders and create targeted communication materials
Present progress to Management and Product & Tech staff
Produce reporting for Executive Management
Drive a risk identification campaign
Carry out the product risk analysis, with product team support
Support the CISO for entity and third-party risk analysis
Define security measures to be implemented in the product with regard to security policies and processes
Follow up on the implementation of security measures
Drive third party security assessments and produce recommendations on third parties
Evaluate information security control performance and security objectives achievement
Gather security KPIs to measure security control effectiveness and security control progress against the security program
Identify and report to the CISO any gap related to the security strategy and policies
Manage remediation action plans arising from security assessments
Define remediation action plan covering security issues
Ensure reporting and follow-up for security issues
Liaise with local and group stakeholders for security issues and remediation plan
Advise and support the internal team on remediation action plan roll-out
INTERNAL AND EXTERNAL RELATIONSHIPS
Internal: Applications owners, Process owners, Business, SOC Team, Red Team
External: Auditor, Service Providers
FUNCTIONAL ENVIRONMENT
Splunk
CarbonBlack EDR
OneIdentity bastion
Deliverables
Security policies
Projects security risk analysis and recommendations
Action plans for compliance
The client: an IT services company (SSII) specialized in human resources placement.
Indicative duration: 1 year
Indicative daily rate: 400-550 €
Mission type: Freelance, time and materials (en régie) / 25% remote work
Start: ASAP
Location: Ile de France