Security Risk Analyst with French - (25000G8F)

The Client is looking for a French-speaking Security Risk Analyst who will be part of the team responsible for the security governance of the French entity ASSU and its international subsidiaries (7 subsidiaries, including 6 English-speaking and 1 French-speaking), whose activity concerns the fields of insurance (property and personal insurance)

RESPONSABILITIES

The mission mainly consists of contributing to:

· Security support for business projects using risk analysis by identifying business issues, security requirements, associated action plans, and assessing residual risks for internal and third-party projects

· Perform application security assessment for new and existing applications

· Review/negotiate security contractual clauses for various ASSU outsourcings

· Analyze and validate security exceptions requests

· Create and present to the business owners the results of various security tests in case vulnerabilities are found

And to a lesser extent:

· Actions to control the security level of applications.

· Support the deployment of the security framework for France/International projects.

· Managing IT operational risks (IT risks) at Société Générale Assurances:

o Maintaining and updating the ASSU referential

o Development and maintenance of dashboards to monitor the progress of initiatives.

What you will do:

· Security files (and intermediate deliverables such as safety classification, expression of project safety needs, residual risk assessment for business managers);

· Managerial presentation supports (IT and business) on projects;

· Interviews with IT, business owners and other stakeholders to determine applications sensitivity levels.

Profile

• Advanced knowledge of risk analysis methodologies and security key topics (classification, AICT assessment, intrinsic/residual risks, risk scenarios)
• Knowledge of standards (ISO 2700x, ITIL, COBIT, etc.) and security governance principles.

Knowledge of security best practices in the field of IT systems management (authorizations, data anonymization, incident management, authentication, backup, archiving, security patch management, antiviral updates, network partitioning, NAC, wifi, etc)

To a lesser extent:

• Knowledge/experience in security architecture areas
• Knowledge of the principles of administration of security tools: firewall, proxy, SIEM, DLP, IDS, IPS, Qualys type vulnerability scanner, IAM systems, etc.
• Security monitoring / understanding and knowledge of the main security threats (virals, cybercrime, APT) and their distribution methods.
• Possibly, experience of IT security audit missions
• Security certifications (CISSP, ISO 27001, ISO 27005, etc.)

Other appreciated skills:

• English (oral and written proficiency)
• French (oral and written proficiency)
• Knowledge of Excel and Powerpoint tools