Information Security Risk Analyst
As an Information Security Risk Analyst, you will join a team of Information Security professionals in support of RHEA clients by providing Information Security services in various market sectors including space, critical infrastructure protection and defence. Duties will include delivery of security advice and guidance, risk analysis and management services, reports and other deliverables to meet client needs.
- Best practice advice and guidance in the areas of security programs, governance, doctrine, policies, standards, methodologies, procedures, and checklists;
- ISO 27000 series compliance evaluation, certification, audit and accreditation;
- Information security risk analysis including asset valuation, threat and vulnerability assessments, safeguards analysis, risk assessment and development of risk treatment plans;
- Information security business and privacy impact assessments;
- Business continuity, contingency and disaster planning / testing;
- Information security training and awareness;
- Information security program and project management.
The following skills and experience are mandatory:
- You have a post-secondary degree or diploma in a relevant field. Example relevant fields include mathematics, computer science, information technology, information management, business management, risk management or similar. Technical certifications, diplomas or qualifications in information technology or information management, policing and security or related fields may also be accepted.
- You have excellent oral and written communications capability in English;
- You have experience in the evaluation and management of security risks associated with information systems and information security solutions including, for example:
  - Experience conducting ISO 27000 series evaluations or audits;
  - Firewall and VPN solutions;
  - Intrusion detection and penetration systems (network or host based);
  - Identity management and access control systems;
  - Encryption and key management technologies;
  - Malware detection and anti-virus systems;
  - Security information and event management systems;
  - Vulnerability analysis and patch management solutions;
  - TCP/IP based router/switch networking equipment and solutions.
- You have knowledge or experience in the following areas:
  - Information Security concepts involving Confidentiality, Integrity and Availability;
  - Security Accreditation and Authorization or Security Certification and Accreditation;
  - Statements of Sensitivity or Asset Valuation associated with a risk assessment;
  - Threat and Risk Assessments, Vulnerability Assessments, and Safeguard Assessments;
  - Privacy Impact Assessments, Business Impact Assessments, Business Continuity or Disaster Recovery Plans;
  - Information Security policies, standards, and procedures;
  - Network and Physical Security zoning requirements;
- You must be a citizen of the EU or a NATO member nation;
- You have a professional qualification or certification in a relevant field. Example certifications include Certified Information Systems Security Professional (CISSP), Certified Protection Professional (CPP), Certified ISO 27001 Auditor or similar. Such a certification is considered an asset;
The following skills would be highly desirable:
- You have experience in information security services for the space, critical infrastructure protection and defence market segments.
- You have a qualification for EU/NATO SECRET clearance.