solera
The Role
The Security, Risk & Compliance (SRC) Analyst at Digidentity is tasked with maintaining Digidentity information security, quality and business continuity policies, processes and procedures and implementing them within Digidentity. The SRC Analyst will assist in various assessments and consult on remediation actions. The SRC Analyst will work in cross-functional capacity to extend the communication capabilities of SRC to other stakeholders within Digidentity. The SRC Analyst will work together with and report to the Chief Security Officer (CSO).
What You’ll Do
· Monitor, perform or participate in assessments, tests, reviews and audits (internal and external).
· Monitor the quality of services of Digidentity.
· Oversee remediation of nonconformities identified in reviews, assessments (self- and automated) and audits (internal and external).
· Monitor current threats and trends and determine their possible impact including communication to relevant stakeholders.
· Document and deploy security training specific to Digidentity (e.g. PKI).
· Define and implement processes and procedures linked to security, quality and business continuity.
· Ensure the quality of security assessments, tests, reviews and audits.
· Inform the CSO about information security status and incidents and present improvement proposals.
· Test elements of the incident, response and/or continuity plan.
· Support the CSO with identification of newly identified IT risks and issues.
· Analyse risks and issues including rating, periodic reporting, tracking, and validation of controls effectiveness.
· Ensure cross-department collaboration and communication to ensure appropriate processes, procedures and tools are installed, monitored, and effectively operating and alerting.
· Ensure adequate registration, analysis and reporting of information security incidents.
· Participate in vulnerability and penetration assessments, monitor endpoint protection solutions and tools.
· Maintain compliance baseline and participate in enforcement of compliance baseline.
· Maintain Digidentity’s information security (ISO27001), quality (ISO9001) and business continuity (ISO22301) management systems.
· Participate in creation and maintenance of security documentation to meet compliance requirements.
· Document and conform to processes related to security monitoring and detection.
· Interface with technical personnel and other teams as required.
What You’ll Bring
Experience
· Experience in performing assessments and reviews.
· 3+ years of experience in Information Security.
· Experience with Electronic Identification and Public Key Infrastructure.
· Experience with analysing and accurately documenting processes and procedures.
· Capable of analysing various standards, frameworks and regulations.
· Able to execute risk assessments and implement remediation plans.
· Experience in detail orientation, research, compilation, and reporting on data.
· Experience working effectively as a member of a cross-functional team.
· Able to prioritize own workflow.
· Ability to handle multiple priorities on tight deadlines without compromising quality.
Qualifications:
· Bachelor’s Degree in Information Technology or equivalent required.
· CISSP, CISA or CISM information security certification required (or equivalent).
· Knowledge of information security design concepts and principles.
· Expertise and advanced consultative skills including building collaborative relationships.
· Excellent interpersonal, written and verbal communication skills.
· Knowledge of IT regulatory requirements (e.g. GDPR and eIDAS regulations).
· Knowledge of IT control frameworks (e.g. ISO, ETSI, COBIT or NIST frameworks).
· Knowledge of IT infrastructure and security.
· Self-motivated and comfortable with working in a small team.
· Fluent in both English and Dutch.