ICT Security Specialist
Division / Unit: Services / Information & Communication Technology
Contract type: Fixed Term
Start date: 01.10.2022
End date: 30.09.2024
The Information Security Specialist is a member of the ICT Information Security Governance (SecGov) team, reporting to the Information Security Manager and working closely with other Information Security Specialists and the Information Security Operations (SecOps) team.
The ICT Security Specialists have a strong information security governance background and the necessary soft and hard skills to propose, enforce and optimise ICT SecGov as well as the security controls. They are experts in information security governance principles and have broad-ranging understanding of technical security concepts.
They work with various ICT groups, such as the business service managers (BSMs), infrastructure, architecture, DevOps, and operations teams, providing them with ICT security governance support and expertise.
The role comprises the following duties:
- Supporting defined ICT SecGov and contributing to its improvement;
- Carrying out internal security risk assessments by analysing business security risks and computing environments to determine threat, vulnerabilities and recommend safeguards to mitigate risk;
- Leading/performing third-party risk management activities on acquisition of new services, regular risk assessments, etc.;
- Leading and following up on remediations identified during security assessments: vulnerability scans, penetration tests, internal audits, etc.;
- Participating in the drafting, implementation and optimisation of the information security policy and standards;
- Being proactive in the continuous improvement of information security: governance, processes and technologies;
- Contributing to ICT projects by ensuring that security standards and requirements included in the deliverables;
- Supporting ICT Information Security team to ensure cloud best practices and UEFA cloud security guidelines are adhered to, with a strong focus on O365, AWS and Azure;
- Finalising UEFA's information security incident response plan and helping to implement it;
- Drafting and helping to implement UEFA's secure software development life cycle (SSDLC);
- Helping the ICT Information Security team to create SIEM business use cases and ensuring the necessary information is collected, with a strong focus on Microsoft technology;
- Providing technical studies and expertise and evaluating new ICT security products and technologies to protect against existing and emerging security threats;
- Preparing reports and technical documentation for managers and users;
- Assisting the ICT Information Security team with project management, change management and communication activities.
- Minimum of 4 years of professional experience in information security
- Bachelor's in information security or equivalent work experience
- Technical Diploma SANS Security Essentials (GSEC) or Cloud Security Essentials (GCLD), CSA Certificate of Cloud Security Knowledge (CCSK), ISO 27001 LI/LA, CISM, or CISSP certification would be an asset
- Other security certification (e.g., AWS Certified Security, Azure/M365 Security Engineer) would be an asset
- English / Advanced
- French / Advanced
- German / Intermediate
- Excellent knowledge of industry security standards and best practices, e.g. OWASP, ISO 27001/2
- Excellent knowledge of information security governance, risk assessments, etc.
- Deep interest and a strong interest in writing policies and standards
- Good knowledge of technologies, products and architectures used in the information systems security sector
- Good knowledge of the Incident and Response Framework (NIST SP 800-61 Rev. 2), in terms of policy, planning and procedures
- Good knowledge of internet and web application security
- Good understanding of how various systems interconnect with each other
- Experience working with hardware and software systems, including OS, databases, applications, and networks.
- Experience in messaging, corporate directories, systems and network security
- Confirmed ability to work independently and good project management skills
- Strong ability to communicate with top management, local IT staff/management, partners, vendors and consultants
- Multidisciplinary, pragmatic approach
- Abstract thinker and problem solver