Information Security Engineer
Publiée le 13/03/2025
TMC Luxembourg
Temps de travail
Langues parlées
Expérience professionnelle
Key Responsibilities:
- Audit & Compliance Management: Assist in the preparation, coordination, and response for internal and external security audits, ensuring adherence to industry regulations and standards.
- Remediation & Risk Mitigation: Track audit findings, define corrective action plans, and oversee their implementation to address security gaps.
- Performance Monitoring & Reporting: Measure and report key security metrics (KPIs, SLAs) related to cybersecurity services and ensure transparency with key stakeholders.
- Information Security Management System (ISMS): Support the development, maintenance, and continuous improvement of ISMS frameworks in alignment with best practices.
- Risk Governance & Policy Development: Assist in defining and maintaining risk management policies and procedures, ensuring security risks are properly assessed and mitigated.
- Risk Assessments: Conduct security risk assessments to identify vulnerabilities and provide recommendations to strengthen security controls.
- Third-Party Security Oversight: Support vendor security assessments, ensuring external partners and suppliers comply with established security policies.
Required Skills & Qualifications:
- Experience: Minimum 5 years of experience in Information Security Risk, Governance, and Compliance.
- Security Frameworks & Standards: Strong understanding of ISO 27001/27002, NIST CSF, CIS Controls, and other security regulatory frameworks.
- Certifications: Relevant certifications such as CISSP, CISM, CRISC, ISO 27001 Lead Implementer/Auditor are highly desirable.
- GRC Platforms: Experience working with Governance, Risk & Compliance (GRC) tools for security audits and risk reporting.
- Analytical & Risk Management Skills: Ability to assess security risks, define mitigation strategies, and align policies with industry best practices.
- Communication & Documentation: Strong written and verbal communication skills to document security processes, engage stakeholders, and present compliance reports.
