Security Specialist

We have a current opportunity for a Security Specialist on a contract basis.

Background:

We are looking for a professional Security Specialist to join our Corporate Security team to support in our strategic and governance security environment. This would be an operational role running ongoing corporate security work-packages, also supporting various deliverables for projects. The team is made up of around 6 other members and they focus on reviewing, creating, and updating Security Policies and Standards following industry best practices.

Perfect candidate:
Security Specialist with an ability to perform cyber/technology risk assessments across multiple platforms which include Cloud applications, operating systems, and network infrastructure.

General Information:
• Start date: ASAP
• End date: 12 months contract
• Work location: Basel
• Workload: 100%

Tasks & Responsibilities:
Provide expert advice and operational experience on information security risk and control matters throughout the organisation. This includes:

1. Review of existing security standards/baselines and creation of new ones
2. Conduct compliance reviews/audits of the organization’s information assets.
3. Support the maturing of the penetration testing strategy and support in scoping and engagement with third parties
4. Review and advise on the security measures to protect the confidentiality, integrity, and availability of the client’s information assets and critical services.
5. Perform risk assessments and contribute to reviews of the assessment methodology
6. Contribute to the implementation of industry-recognized key critical controls and contribute to Corporate Security compliance mandate
7. Support the team on technical security projects, in particular to develop and enhance the client’s security policies and procedures. Participate in the gathering and analysis of information from security-related sources

Must haves:
• Familiarity with industry-recognized frameworks and controls (e.g., NIST CSF, CIS, OWASP, SANS, etc…). We are looking for experience in implementing these frameworks.
• Security knowledge in cloud technology, operating system, application security, penetration testing, and sound knowledge of cyber governance risk management practices
• Certification in security-related disciplines and technologies would be an advantage (accreditation such as CISSP, CRISC, CISA, OSCP, PCI DSS)
• Experience with documenting and communicating results that may be consumed by both developers and management-level audiences.
• Experience with some of the following:
o Security Policy and Standard creation
o Risk management processes

Nice to Have:
• TFS, SharePoint, DevOps
• Azure Security Centre
• Compliance monitoring tools
• KRI/KPI development and monitoring
• Nexpose

If you are interested, please apply with your latest CV.