management in decision making with implications for IT Security. You do this by:
Developing IT security standards and guidelines
Identifying, rating and reporting IT Security risks
Validating and assessing the risk for certain IT security changes
Performing security reviews and threat modelling sessions, as well as reporting the findings using a risk-based approach
Ensuring compliance with IT Security standards
Embedding security in IT architectural building blocks and solution designs
Developing IT security architecture and initiating security improvement initiatives
Consulting and guiding the Security Operations team based on the Cyber Kill Chain Models and Cyber Threat Intelligence methodologies
You will act as Subject Matter Expert (SME) to support Group ISMS (Information Security Management System), IT, Business organization and critical suppliers, mainly within the area of infrastructure security, application security, cloud security and IoT security.
You will:
Signal risks and improve security measures in the Vattenfall organization
Actively contribute to reporting to IT management about IT Security
Interact professionally with relevant stakeholders of the organization and act as IT Security Business Partner.
Actively support the Operational IT Risk Management and interact with the Group IT Risk Officer
Evaluate, assess, monitor and follow up risks with the Risk Owners. Report and escalate accordingly while supporting and driving mitigation activities.
Support, consult and guide business and IT projects as an IT Security Officer to make sure security by design is part of the deliverables and the solutions are compliant with security requirements.
About you:
We believe that you have an academic degree within the relevant areas of Information and / or IT Security. You have a minimum of 5 years of experience in a relevant IT security position in an international / corporate environment and are fluent in English; other languages such as Swedish, German, Dutch and Polish are of additional value.
You have a high degree of co-operation and collaboration capabilities in a distributed work environment. You also have proven technical security expertise in one or more areas of infrastructure and / or application security.
Furthermore you have / are:
Current knowledge of relevant IT / Information Security legislation (e.g. Swedish Protection Security Act (NSI), EU NIS Directive, GDPR / data protection, Germany IT Security Act) in the European countries where Vattenfall operates
Thorough knowledge of relevant standards, such as ISO27001 / 2, NIST, CIS
Experience with and good understanding of Cyber Threat Intelligence methodologies: pivoting models, MITRE ATT&CK Framework, and the Extended Cyber Kill Chain.
Good understanding of Cyber Security topics and threat landscape and Cyber Security Incident Response processes
Working knowledge of cybersecurity principles, techniques and technologies
Past experience as a penetration tester and / or past active role in Security Operations is a plus.
Profound understanding of information technologies and architectures in combination with their respective connection to IT Security areas
Relevant IT Security certifications are a plus (e.g. CISSP, CISA, CISM, CRISC).
Other relevant cyber security certifications are a bonus (e.g. GCFA, GCIA, GREM, GCIH, OSCP).