Security Risk Analyst

Yacht bv
Hourly basis
On site


IS Risk Assessments is part of the Services arm of the Information Security Office. The department delivers shared information security services to the bank, its Dutch and foreign branches and subsidiaries.
• Key relationships
• Executing Information Security Assessments on applicable projects within the bank.
• Periodically assessing critical applications and advising IT domains on the schedule for such assessments.
• External vendors to which infrastructure and application development and maintenance are outsourced are regularly assessed for adherence to corporate policies and standards on Information Security.
• All applications of the bank accessible through the Internet are regularly assessed (penetration tests) for Information Security risks.
• Architectures of all projects in the bank are reviewed and judged for Information Security aspects.
• Functions as Project Executive (in Prince-2 terms) of projects that are initiated by ISO and executed by IT Solutions or IT Services and vendors.

The Senior Risk Analyst executes information security assessments, within the guidelines of Information Security Services, to realise a high quality of risk information for risk decisions about confidentiality and integrity of the bank's critical data and systems. The Senior Risk Analyst ensures that the risk assessments within his IT domain are engaged and executed in a timely manner and that the quality of the assessments and the issued reports meets the internal standards.

Work organization (among other things, coordinates the (daily) activities of employees, in accordance with the directives applying to the department, to realise progress and quality of production or services)
Service Delivery (among other things, carries operational responsibility for planning and coordination as well as the content aspects of identified risk, mitigations and security advice and the initiation of improvements as necessary)
Relationship management (among other things, manages relationships with customers and risk stakeholders inside and outside Services and inside and outside NL)
Risks & Mitigation Identification (among other things, identifies Information Security risk in existing, new or changed IT systems (IT Services and IT Solutions) using the agreed risk assessment process and quality standards)
Risk & Mitigation Tracking (among other things, supports the first-level tracking of identified mitigating actions and provides alternatives as necessary during the lifecycle of the identified risks)
Risk & Information Security Advice (among other things, assures that the system owner or program sponsor understands the information risk and mitigation that has been identified in the assessment)
Business Support (among other things, takes care of communication of the information security risk management process and of risk-related responsibilities to the system owner or change team, provides process-related guidance and advice and manages expectations)
IS Architecture activities (among other things, gathers information on current architectural issues within an application domain)

HBO+, CISSP or similar IS professional qualification
5+ years experience in IT
3+ years experience in information security risk or technology / perimeter risk
Track record of creating and reviewing IS risk documents and reports
Experience in leading the development and implementation of new or changed standards and procedures
Minimum of 1 year experience in leading a (small) team of professionals
Experience working in a multi-vendor IT sourcing environment
Experience in the banking and/or financial services sector
Business/Commercial Knowledge
Capability to translate IS (technology or risk) issues into a language that the business understands
Understanding of AAB business strategy and strategic issues
Understanding of IT strategy and objectives
Knowledge of AAB's business, products and key clients
Broad understanding of the banking sector and current trends
Understanding of risk management, controls, BCP/DR and QA processes
Interpersonal Skills
Advanced knowledge and hands-on experience of IS assessment and risk management methodologies
In depth knowledge of at least one other area of the information security domain
Advanced building and maintaining relationships

Experience in ITIL and change management
Experience with rules and regulations (e.g. SOXA, WBP, ROB, BASEL, CAAML)
Substantial experience in explaining IS issues to (senior) management
Experience with bottom-up improvement of processes or services
Good stakeholder management
Good communications both written and spoken
Good planning and reporting skills
Good influencing skills
Good team player
English proficiency
