Information Security Risk Assessor Contrat : CDI

Référencée au sein de nombreux grands comptes en tant que fournisseur de prestation IT, Excel Management Conseil est une société de services en informatique existante depuis plus de 10 ans.

Riche d’une expérience significative en France et en Europe, notre groupe E.X.M.C se positionne en tant qu’acteur majeur sur le marché des sociétés de services en ingénierie informatique.

Nous intervenons à la fois sur des périmètres Métiers, Techniques et Opérationnels. Notre groupe affiche un effectif de plus de 300 collaborateurs disponibles et mobiles.

Nous sommes structuré autour de Quatre Pôles :

• Le Consulting et Assistance à Maîtrise d'Ouvrage (MOA, AMOA) dédié Banques, Finance, Assurances.
• L’ingénierie applicative (La maîtrise d'œuvre de projets informatiques (MOE), Ingénierie de développement, TMA, TRA, …)
• La production et les infrastructures (Ingénierie, Assistance Technique infogérance, architecture systèmes et réseaux, sécurité, cyber sécurité , Digital…)
• L’Informatique Décisionnelle et BIG DATA (Architecture(Avant-vente/POC/ Pilotage Projet) , Développement, Expertise (Hadoop,NoSQL, …))

Key Responsibilities
-Delivering IS Assurance Plan based on ISO Risk Management to secure project by design.
- Conduct security risk assessment using tools to capture and record operational security risks
- Deliver Information Security Assurance Plan to help IT Projects during their implementation.
- Collaborate with Information Security Analysts, Global IT Risk assessor
o to scope the security risk management and reporting requirements from risk management
framework.
- To socialize security risk assessment schedules and requirements with stakeholders, including third
party service providers.
- Assess and classify security risk assessment outputs and rate security risks as per the security risk
management framework.
- Collaborate with Information Security Analysts and engage with Operational teams to walkthrough the
results of the security risk assessment and seek mitigation action plans with timelines for each of
security risks.
- Collaborate with Information Security Specialist and escalate to Global IT Risk Assessor on lack of
progress.
-Collaborate with Group Operational risk team to share all security risks that have potential for Group
wide impact.
Must Have Skills
• Hands on experience on information security Risk Assessment methodology (Asset Criticality
Rating/Information Security Assurance Plan/Residual Risk Rating).
• Experience in preparing assurance plan
• Exposure on assessing risks on IT infrastructure, applications, web sites and cloud solutions
• Ability to deliver risk assessment outputs and rate security risk as per internal risk management
framework
• Experience in dealing with external providers, solution engineers, designers and
business/system/asset owners
• Exposure in articulating security risks to other teams globally

QUALIFICATIONS
Education
•Minimum Bac+5 in Networks and Security.
Certification
Mandatory : ISO27005 or CRISC Certification
Good to have : CISM, CISSP
Degree in Information Security
ISO 27001 Lead Implementer/Auditor Certification
PMP or Prince 2 Certification
Work Ethics
• Due to the sensitive, the role holder must have a demonstrated high level of work ethics, secrecy and
discretion. A background check will be performed.
Overall work experience in the field:
4-10 years relevant experience