



Cyber Security Expert

Remote
Freelance
BAC+5

Job information

Start date: ASAP

Percentage: 100%

Location: Nyon (Switzerland) or Remote

Profile

The ICT Cyber Security Expert is part of the Information and Cyber Security team and reports to the Information and Cyber Security Manager, with a close link to the Information and Cyber Security Governance and Cyber Security Operations team.

He/she has a strong Cyber Security technical background and the necessary soft and hard skills to help UEFA enforce its Information and Cyber Security Governance strategy as well as the security controls. He/she is willing to work in a challenging environment and ensures that Information and Cyber Security governance principles are followed by UEFA, UEFA suppliers and partners.

The position works with different ICT groups such as the business relation managers (BSMs), infrastructure, architecture, DevOps, and operations teams to provide them with Information and Cyber Security expertise.

Purpose

The tasks that the ICT Cyber Security Expert has to perform are described below:

- Support the defined ICT Information Security Governance and contribute to its improvement.

- Perform security risk assessments by analysing security risks and computing environments to determine threats and vulnerabilities and recommend safeguards to mitigate risk.

- Lead/perform 3rd-party risk management activities (on acquisition of new services, regular risk assessments, etc.).

- Lead and follow up on the remediations identified during security assessments (vulnerability scans, penetration tests, internal audits, etc.).

- Participate in the drafting, implementation and optimization of information security policy and standards.

- Proactively put forward proposals in all aspects of Information Security (governance, processes, and technologies) for continuous improvement.

- Contribute to ICT projects by ensuring that security standards and requirements are defined as part of the deliverables.

- Support the Information and Cyber Security team in ensuring that cloud best practices and UEFA cloud security guidelines are respected (with a strong focus on O365, AWS and Azure).

- Support the implementation of the UEFA Secure Software Development Life Cycle (SSDLC).

- Review, propose, and ensure best practices in BYOD services (with a strong focus on Microsoft technology), in a joint effort with other teams.

- Review, propose, and ensure best practices in OSINT/CTI services, in a joint effort with other UEFA teams.

- Design and/or assist in the implementation of Information and Cyber Security solutions.

- Provide technical studies and technical expertise, and evaluate new products and technologies in relation to Information and Cyber Security, to protect against existing and emerging security threats.

- Prepare reports and technical documentation for managers and users.

- Support the Information and Cyber Security team in project management, change management and communication activities.

Requirements

Experience/skills required:

- Minimum of 10 years of professional experience in Information Security.

- Excellent knowledge of industry-adopted security standards and best practices (e.g., OWASP, ISO 27001/2).

- Excellent knowledge of Information Security Governance, Risk Assessments, etc.

- Good knowledge of technologies, products and architectures used in the field of information systems security.

- Good knowledge in the areas of Incident and Response Framework (NIST SP 800-61 Rev. 2), in terms of policy, plan, and procedures.

- Good knowledge in the areas of Internet and web application security.

- Good understanding of how various systems interconnect with each other.

- Experience in working with hardware and software systems, including OSs, databases, applications, and networks.

- Computer knowledge and experience in the areas of messaging, corporate directories, system and network security.

- Strong ability to work independently and good project management skills.

- Strong ability to communicate with top management, local IT staff/management, partners, vendors, and consultants.

- Multidisciplinary approach.

- Ability to demonstrate pragmatism.

- Abstract thinker.

- Problem-solving expertise.

Education:

- Bachelor's degree in a related area or equivalent work experience.

- SANS Security Essentials (GSEC) or Cloud Security Essentials (GCLD), CSA Certificate of Cloud Security Knowledge (CCSK), ISO 27001 LI/LA, CISM, or CISSP certification is a plus.

- Other security certification (e.g., AWS Certified Security, Azure/M365 Security Engineer) is a plus.

Additional requirements:

- English: proficient; French is a plus

- MS Office: proficient