Analyste Securite projets with French - (25000GIB)

Looking for a French-speaking Security Risk Analyst who will be part of the team responsible for the security governance of the French entity ASSU and its international subsidiaries (7 subsidiaries, including 6 English-speaking and 1 French-speaking), whose activity concerns the fields of insurance (property and personal insurance).

RESPONSABILITIES

The mission mainly consists of contributing to:

• Analyze and validate security exceptions requests such as route openings, non-standard software installations, etc
• Accompany the IT teams in the implementation of Group security standards for their new/existing applications/infrastructure
• Monitor the security level of ASSU assets
• Follow-up on audit results of applications, third parties (partners, delegated entities, suppliers, etc.) and physical sites, carried out by another department or by the department itself, relating to the integration of vulnerabilities identified in risk analyses and the monitoring of associated remediation action plans
• Security support for business projects using risk analysis by identifying business issues, security requirements, associated action plans, and assessing intrinsic and residual risks for internal and third-party projects

And to a lesser extent:

• Managing IT operational risks (IT risks):

o Maintaining and updating the ASSU referential

o Development and maintenance of dashboards to monitor the progress of initiatives.

What you will do:

• Security files (and intermediate deliverables such as safety classification, expression of project safety needs, residual risk assessment for business managers)
• Security risk analysis and if required, risk acceptance forms
• Reporting elements, dashboards of security and risk indicators
• Managerial presentations (for IT and business) on the projects

Profile

• Advanced knowledge of risk analysis methodologies and security key topics (classification, AICT assessment, intrinsic/residual risks, risk scenarios)
• Knowledge of standards (ISO 2700x, ITIL, COBIT, etc.) and security governance principles.

Knowledge of security best practices in the field of IT systems management (authorizations, data anonymization, incident management, authentication, backup, archiving, security patch management, antiviral updates, network partitioning, NAC, wifi, etc)

• Knowledge of security tool administration principles: firewalls, proxies, SIEM, DLP, IDS, IPS, vulnerability scanners like Qualys, IAM systems

To a lesser extent:

• Knowledge/experience in security architecture areas
• Security monitoring / understanding and knowledge of the main security threats (virals, cybercrime, APT) and their distribution methods.
• Possibly, experience of IT security audit missions
• Security certifications (CISSP, ISO 27001, ISO 27005, NIST etc.)

Other skills:

• French (oral and written proficiency)
• English (oral and written proficiency)
• Knowledge of Excel and Powerpoint tools