Cyber Security Consultant - Anankei

Brussels BE

As a member of the Security Governance department, the Security Consultant assists the team on making sure the policy framework is aligned with threat landscape, business transformation, technology capabilities and organisational structure.

You will become accountable for specific-scoped assignments and must be able to:

identify and prepare amendments to the policy framework by:
-writing functional security requirements in collaboration with our CSIRT team which provide a sufficient protection for the customer resources based on Attack Vector
-verify making sure those function security requirements can be met using available technology

-assist the Enterprise Security Architecture team in mapping security requirements to IT Architecture Building Block used by IT to create High-Level Design
-assist the Enterprise Security Architecture team in defining Security Requirements for Security Solution Building Block
-assist IT in identifying and providing remediation to possible compliance issues
-develop High Level Security Requirements to translate to leadership team (Director-level) detail security requirements for them to understand the security impact on their business
-work with both our CSIRT & Enterprise Security Architecture teams to maintain Attack Vector on Architecture Building Block updated

What is key is:
- We need a motivated, flexible & curious person, who has a technical background and moved into IT Security, someone who worked on recent technologies (IoT, Big Data, Cloud (SaaS, IaaS, PaaS), API Management, Application Security, ICS, BYOD & mobility, etc.)
- An IT Security Architect who wants to do compliance is very interesting
- Soft skills are very important (check that section in the job description)
- We are NOT looking for: Pure GDPR profiles, legal profiles, ISO experts without the recent technology involvement or flexibility



Applied and integrated a broad variety of security technologies, producing layered, defence-in-depth security architectures
Applied Information Security industry standards / best practice frameworks (e.g. SANS 20) in large organisations
Maintained a holistic perspective on the security capabilities needed to support or deliver the enterprise's strategic goals and objectives
Fully aware of available security capabilities and challenges related to: IoT, Big Data, Cloud (SaaS, IaaS, PaaS), API Management, Identity & Access Management, Application Security, Safe development environment, ICS, BYOD & mobility
Familiar with regulatory and legal requirements related to information Security and Data protection
You understand intuitively which elements should be present in a High-Level Design and which elements should be part of a Detailed Design
You have already worked in both very dynamic and very formal environments and can combine strengths of both

Soft skills:
You are a doer, are result-oriented and you don’t lose focus
You are passionate about cyber security and you are to keep pace with emerging technologies and trends, standards and products
You can write in simple terms and short sentences formal information such as control procedure or security requirements
You have experience in stakeholder management across all levels of an organisation, equally comfortable presenting a PowerPoint on risk to the board as speaking to engineers in the field on a specific risk
You are intuitive and quickly see if something doesn’t look right
You can be imaginative to solve complex problems
You are self-aware as you will collaborate with everybody to stay up-to-date, to maintain trust and make use of everybody’s skillset
You are honest and loyal – you can report sensitive matters in confidence and you can also tell when you don’t know
You understand that good is better than perfect

Specific technology & governance skills:

You understand the following ISMS standards & frameworks: ISO 27001, ISO 62443, SANS CSC20 & OWASP
You have a basic understanding of networking technologies: routing & switching standards, Access control (WPA, 802.1x, advanced firewalling techniques, IDS, endpoint firewalls...), traffic analysis techniques (Sniffing, Netflow...), VPN (IPSec, MPLS) standards
You are familiar with IT and security infrastructure standards: Directory technologies, federation & AAA (OAuth2, Radius...), logging standard (syslog, Windows Event Log...), APIs & related gateway web technologies (REST, API gateway...), unstructured data encryption (RMS), O/S (mobile & server) & related management systems (MDM, MAM...)


Fluency in English language in addition to your mother language – both verbal and written, with the ability to communicate clearly