Information Security Officer (m/f/x)
Publiée le 11/12/2024
Luxair
- Luxembourg (Canton), Luxembourg
- Tourisme / Voyage
For our department IT Infrastructure within General Services, we are looking for a (an):
Information Security Officer (m/f/x)
Description:
As an Information Security Officer you will actively contribute to maintaining and strengthening Luxair group's information security posture.
With a strong interest in information security you will be part of our IT Infrastructure team and handle the management of the information security management system and all related activities of the department.
Responsibilities:
- Participate in the creation and maintenance of information security policies, standards, baselines, guidelines and procedures in collaboration with keys stakeholders (business and technical teams)
- Contribute to the development of an effective information security awareness program and provide planned trainings
- Actively monitor the state of security systems, company network and technical controls to ensure their effectiveness and suggest improvements
- Contribute to the collection of security logs and leverage existing solution (SIEM..) to identify abnormalities and violations scenarios in close collaboration of a Manage Service Security Provider
- Develop and maintain secure operation processes and incident response playbooks
- Respond in a timely manner to escalated security incidents and work with external and/or internal stakeholders to provide timely resolution. Initiate incident reporting and post-incident status as necessary
- Contribute to the overall access control management
- Monitor the compliance with information security policies and standards including PCI-DSS and participate in external organization audits or certification as directed
- Participate in the design and execution of vulnerability assessments, penetration tests, security audits, and remediation of identified vulnerabilities
- Performs vulnerability scanning for network devices, applications and databases to identify vulnerabilities
- Perform risk and security assessment based on established standards
- Participate in the planning and design of the company Business Continuity and Disaster recovery Plan
- Contribute to the creation and maintain up-to-date baselines, secure configuration and system hardening activities with internal technical teams
Education & skills
- Bachelor in Computer Science/Information Security or equivalent combination of education and experience that satisfy the requirements of the position
- Previous relevant experience in Information Security
- Experience troubleshooting common network devices, network vulnerabilities and network attack patterns
- Experience with Microsoft 365 and Office 365 Enterprise Mobility and Security E5 components, including ATP2, CloudApp, Azure AD Identity Protection
- Hands on experience managing an array of security tools (e.g. Web Content Filtering, Malware, Firewalls, Intrusion Protection, etc.)
- Working knowledge of information security control technologies including access control, cryptography, vulnerability management, SIEM/log management, ID/IPS, and penetration test
- Knowledge of industry best practices, standards and regulations (ISO27001, ISO27005, GDPR, PCI-DSS…)
- Strong passion and interest in information security
- Ability to collaborate with both technical and non-technical staff
- Organized, proactive and customer-oriented
- Good analytical skills with the ability to clearly explain and summarize ideas
- Strong critical thinking and problem solving skills
- Self-motivated individual and able to work methodically with minimal supervision
- Positive can-do attitude with a mature and professional approach
- Excellent verbal, written and interpersonal communication skills both in English and French as well as attention to detail