ICT Risk & Security Consultant

Our Values: Trust | Respect | Team spirit

Our secret: Our people who make the difference with their integrity and competences!

ICT Risk & Security Consultant | Full-time contract or Freelance model | Athens - GR

Your daily work routine will include:

• Understands all aspects of company’ ICT methodology and influences vision and mission of the Security and Risk department;

• Participate in the implementation of the Clients security policy with reference to the configurations, systems and infrastructure;

• Perform 'Business Impact Assessments', in collaboration with the relevant stakeholders, in particular the Data Owners and linked System Owners that identify and define the IT security needs which guarantee the required security of the IT systems;

• Draw up, manage and maintain the security plans of all the IT Systems, ensuring that they are in line with the security framework of the European Commission;

• Review the system security plans periodically (yearly) and whenever a change with a significant security impact occurs;

• Identify and coordinate security measures common to all IT systems;

• Monitor the planning of the implementation of the identified security measures and support the implementing teams and perform Security gap analysis;

• Support risk management tools, techniques, and procedures to enhance risk management capabilities throughout the company;

• Enhance and support control acknowledgement and testing, continuous compliance monitoring, control execution, audit engagements and reporting;

• Advise the System Owners, System Managers and Project Managers on IT security matters and assist in the architecture, design, implementation and verification activities of IT security;

• Give support to the System Owners in Securing IT system development and acquisition;

• Act as the contact point with all related security services and as reference point for any required security information within the IT unit;

• Assess and manage IT technical controls through tools that establish baseline configurations for all major operating systems and identify exceptions to configuration standards.

Requirements

• BSc in Computer Science, Engineering, Business or relevant field;

• At least 3 years of proven related work experience in IT corporate environment;

• Relevant work experience in the Information Security and/or Data Privacy and Protection fields;

• Relevant professional qualifications and certifications in the areas of Information Security and Data Protection such as CISM, CISSP, CISA, CRISC, CIPM, ISO 27001 Lead Auditor, ISO 27005 Risk Manager, ISO 22301 Business Continuity Management, etc. will be considered an asset;

• Familiarity with Information Security and Data Protection principles, control frameworks, methodologies, industry best practices, legal and regulatory frameworks, such as GDPR, NIS Directive, NIST, ISF, ISO 27001, COBIT, HITRUST, PCI DSS, etc.;

• Good knowledge and experience of risk management methodologies (i.e., EBIOS, MEHARI, etc.);

• Technical background on web applications design and familiarity with their security technical aspects (i.e., OWASP guidelines, etc.);

• Strong communication and presentation skills and effective IT Security policy writing experience;

• Familiarity with information security governance, risk and compliance tool such as ServiceNow and Archer is a plus;

• Familiarity with ITSRM (IT Security Risk Management Methodology) and GovSec tool is a plus;

• Understanding of the Agile Software Development methodology;

• Excellent command of English both written and spoken (C1);

• Flexibility for travelling and able to work in an international and multi-cultural environment.
  

What is in it for you?

• A permanent contract with a compensation package that includes private medical insurance, meal vouchers, mobile plan (for the permanent contract option).

• Learning opportunities, in-house trainings, continuous coaching.

• Fun, respectful and supportive work environment that promotes work-life balance.

• Mobility opportunities to work abroad, in case of interest, as we have various job openings in our Group.

Why Trasys Greece?

• Strong team spirit attitude.

• Dynamic, intelligent, agile and talented teams.

• Large-scale challenging international projects.

• Allows you to take the ownership of your work from the beginning, having specific responsibilities.

• Active and meaningfully present in various IT communities (MoT, Angular, JHUG, etc.).

Trasys Greece, part of NRB Group, is an equal opportunity employer who welcome applications from all sections of society and do not discriminate on grounds of race, religion or belief, ethnic or national origin, disability, age, citizenship, marital, domestic or civil partnership status, sexual orientation, gender identity, or any other basis as protected by applicable law.