IT Controls Specialist / IT Security Process Specialist
Greet and challenging opportunity!
Over onze klant
Taken en verantwoordelijkheden
Expectations and obligations from the external regulatory stakeholders (Central Bank, Privacy Agency, etc), and internal stakeholders (Operational Risk Management, HO Cybersecurity, HO/EMEA IT Risk Management) have significantly increased over the last year(s). In addition, the scope of IT applications managed to support the business has increased, and activities from other departments have been onboarded within IT&DM. To ensure that the level of IT General Controls and process/application specific controls, in combination with relevant policies, procedures and implementations will stay in line with the expectations that come with a Dutch banking license (only part of MFG with such a license), Mizuho is looking for an IT Controls Specialist / Security Process Specialist.
- Design, implementation and proofing effectiveness of application-specific and global IT controls.
- Maintaining and performing the existing application-specific and global IT controls.
- Designing, implementing and safe-guarding IT processes and procedures.
- Ensuring that all policies, procedures and processes within IT are aligned with all relevant external and internal policies and requirements.
- Ensuring that all documentation required for reporting to any stakeholder is up-to-date, relevant, known & shared within the organisation and easy to access.
- Implementing and safe-guarding IT security protocols (for example regarding topics such as encryption, protocols for data sharing, compliance with relevant ISO/SOC requirements)
- Analysing the available data which is covered by logging within the current IT landscape, and being able to both take actions on the analysis results, and understand where logging should be improved to ensure compliance. Where-ever logging is not sufficient, being able to implement the required logging.
Experience with first line of defence IT Risk Management.
Experience with IT process management (both design, documentation, implementation and monitoring).
Experience with implementing security related protocols and tooling, and matching these to specific business requirements (cryptography, network security, cloud security)
- Minimum of 3 years experience with analytical tools and logging tools, both using and implementing them. Using available data to present a clear IT Risk overview to management (and being able to articulate and implement the required followup).
- Minimum 3 years experience with first line of defence risk reporting on an operational, tactical and strategic level (examples are HO reporting, RSCA reporting, DNB Information Security, continuous reporting to Head of IT and Board Level).
- Experience with hands-on implementation of IT projects, either in a developer or QA role.
- Experience with RBAC implementations.
- Good verbal and written communication skills.
- Fluent in English.
- Strong planner, with an eye for detail.
Working at a great employer, in an international and dynamic working environment. Competitive salary and good secondary benefits.