Belonging to the ICT & Managed Services Technical Division, the Information Security Consultant ensures that both software and infrastructure are designed and implemented to the highest security standards.
Aiming to enhance the application security posture, the job holder proposes and analyzes software designs as well as implementations from a security perspective.
Primary responsibilities include:
Development and application of Information Security Management System (ISMS), including security policies, procedures and guidelines in order to comply with ISO 27001 certification.
Development and application of Business Continuity Management System (BCMS), including security policies, procedures and guidelines in order to comply with ISO 22301 certification.
Perform holistic security assessments, including vulnerability assessments and penetration tests.
Design and implementation of security solutions.
Information Security Architecture Designs.
Developing and reviewing application architecture and design
Business-to-security alignment analysis
Prepare and deliver Information Security Awareness Training
A minimum of a University / College Degree in Computer Science, Information Technology or other related discipline from a Greek or foreign institute.
Master’s Degree in Information Security.
At least 6 years of proven expertise in solutions covering the sectors of: DLP, SIEM, WAF, PKI, H-IPS, N-IPS, Data Encryption, Endpoint Security, Identity & Access Management, Single Sign-On, Governance Risk & Compliance (GRC) frameworks (ISACA COBIT, COSO ERM), availability & business continuity, regulatory frameworks (PCI DSS, ISO 27K, ISO 22301).
Extensive experience in:
Developing Information Security Documentation.
Penetration testing, source code review, application threat modeling.
Conducting risk assessments and knowledge of relevant methodologies (e.g. CRAMM, OCTAVE, NIST SP800-30, ISO 27005:2011).
Information Security certifications with at least two (2) of:
CISSP (and / or any of its concentrations), CISA, CISM, CRISC, C-EH, GIAC, OSCP, CREST, CSSLP, ISO 27001 LA, ISO 22301 LA, CSA CCSK, SABSA.
Ability to work both independently and within multi-disciplined teams.
Excellent use of the English language (verbal & written).
Outstanding communication skills.
The following qualifications will be considered a plus:
Knowledge of the French language.
Java secure coding standard