Many companies do not have a clearly identified CISO function that can control the security of the information system. I-Tracing offers these companies the opportunity to be accompanied by an IS security specialist consultant, who will bring their skills and experience to their daily work. The strengths of this offer are the ability for the company to benefit from regular but part-time interventions (reducing the cost of the function), to involve an expert consultant in regular contact with several clients (providing strong and varied field expertise) and to be able to rely on all of I-Tracing's skills through the consultant (audits, integration, incident response, ...).
The consultant who will join the team may be required to carry out all the assignments traditionally assigned to the CISO:
- Identification of risks, definition and evolution of the security policy according to the business activities of the company: implementation of security methods and tools, implementation with users
- Budget the human and financial resources needed to implement the security roadmap
- Define and guide the implementation of the audit plan
- Management and integration of security projects: perimeter protection, endpoint protection, data protection, cloud, ...
- Develop and follow the security dashboards, particularly in terms of compliance with the IT security standards imposed on the company's subcontractors
- Define and evolve recovery and business continuity plans while managing security incidents to enable rapid service recovery and effective correction of weaknesses
- Monitor the implementation of action plans related to internal audit
- Define and develop the security framework and the awareness plan, disseminate them and ensure their application; set up communication actions in the event of a security incident
- Ensure a technological and regulatory watch to guarantee the security of the information system
- Management of security teams and correspondents
This content will be adapted to each client and each mission, according to the maturity of the company.
The consultant sought must have varied skills and a great capacity for adaptation. They will have to be able to quickly absorb a company's business context in order to identify quick improvement points, possible medium-term actions and substantive topics. They will have to integrate into the existing structure and be pragmatic in the proposed answers, without being dogmatic but knowing how to impose the essential security points. They will have to be a good communicator.
Technical skills:
- Good knowledge of the global information system, urbanization and IS architecture
- Mastery of security technologies and related tools
- Good knowledge of risk assessment and control tools
- Good knowledge of IS security testing methods and tools
- Legal knowledge of security and computer law
- Knowledge of ISO standards and/or sectoral standards (PCI-DSS, LPM, ...)