Senior Analyst, Information Security Management

Senior Analyst, Information Security Management
Romania - Bucharest
Reporting to George TOUNTAS

ROLE DESCRIPTION SUMMARY

• The jobholder contributes to the development and continuous improvement of the SES information security management and policy framework and manages information security projects as laid down in the SES information security roadmap.
• He/she manages information security risks and designs/implements information security concepts to adequately safeguard information assets of SES, its affiliates and commercial platforms.
• The job holder will also provide Information and Cyber Security related project support and internal consultancy within the organization as well as for customer related projects.

PRIMARY RESPONSIBILITIES / KEY RESULT AREAS

• Coordinate the development and continuous improvement of the SES information security management system in accordance with industry standards and best practices
• Identify, assess and manage information security risks
• Manage compliance to the information security policy framework
• Liaise with relevant stakeholders across the organisation to develop and promote information security policies, standards, processes and procedures 
• Support the definition and implementation of SES’s information security strategy and framework
  • by assessing information security risks and
  • specifying and implementing information security controls to mitigate key risks.
• Manage assigned information security projects and budgets as laid down in SES’s information security strategy and deliver them within time, cost and scope.
• Design, implement and document information security concepts and information security controls, including coordination of various business stakeholders and engineering groups.
• Perform information security audits and vulnerability assessments and support the management of vulnerabilities
• Support the detection and analysis of information security incidents and manage adequate responses to information security incidents
• Support the development and maintenance of SES’s information security awareness program and delivery of awareness sessions
• Provide clear, concise, timely and constructive recommendations regarding information security in all areas related to information systems, networks and applications
• Travel as required

COMPETENCIES

• Good project management skills
• Possess the ability to explain security rationales and controls to non-technical audiences
• Understand all stakeholders in the Information Security Management processes
• Autonomous, innovative mind and good problem-solving skills
• Excellent team player
• Sound analytical skills as well as the ability to provide practical conclusions
• Ability to coordinate business requirements and work, both autonomous and in interdisciplinary teams
• Ability to effectively respond to and interact with all levels of organizational staff
• Be fluent in English (any other language being an asset);
• Excellent written and verbal communication skills.

QUALIFICATIONS & EXPERIENCE

• Degree in Computer Science and minimum of 6 years of industry related experience
• NATO nationality is a must, EU Nationality is a plus. Must be willing to undergo Personal Security Clearance process, if required.
• Excellent knowledge of Information Security Standards and good practices, including ISO 27000 series, NIST SP-800 series (e.g., NIST800-53), etc.
• Relevant certifications (e.g., ISO 27001 Lead Implementer, ISO 27005 Certified Risk Manager, CISM, CISA, CISSP) and knowledge of the satellite industry are a plus
• Very good hands-on knowledge of and experience with implementing and maintaining Information Security Management Systems in accordance with ISO 27001 and best practices
• Consulting experience would be a plus
• Very good hands-on knowledge of and experience with securing cloud environments
• Information Security Risk Management frameworks and methodologies
• Network security, system security, application security and security design
• Cyber Security threats, vulnerabilities, security technologies and controls
• Data Protection and Data Privacy
• Vulnerability, compliance and patch management for complex networks, systems and applications