01 April 2018
01 October 2019
2554€ (Non-contractual allowance laid down by decree and order, whose amount may vary in particular depending on the changes to the reference scale, the location of the position and the cases for deductions set out in the texts)
The Amer Infrastructure Security team (GTS/SEC) ensures that processes / measures implemented by GTS in the area of IT security and operational risks are aligned with Group / GBIS ISS policies, GTS IT security standards and local regulations.
During your VIE mission you will be in charge of these responsibilities :
Assist the GTS/SEC team members on the following areas, but not limited to:
IT Infrastructures Security Management
•Setup and maintenance of tools and controls supporting the vulnerability management process, specifically:
o Vulnerability scans tools (e.g. Qualys, DBProtect);
o Development of in-house tools (e.g. using powershell and/or python scripting) to automate the production of various reporting / KRIs for vulnerabilities and remediation actions follow-up;
o Design and implementation of controls to verify vulnerability management process proper execution (e.g. scan scope coverage; timely and effective remediation of vulnerabilities).
•“Daily” follow-up of vulnerabilities assigned to GTS teams in order to ensure timely and complete remediation of critical vulnerabilities, including escalations when needed.
Information Security projects
•Contribution to projects (i) for the implementation of IT security tools supporting GTS/SEC activity (e.g. RSA Analytics); (ii) lead by SAFE (e.g. NYDFS) or GTS Paris (SIGMA program);
Security Operations Center (SOC)
•Assist the SOC for the design and implementation of security events / incidents management procedures and for the daily management of the IT infrastructures logs management platform
Operational Risks management
•Managerial Supervision (MS): Follow-up of the proper execution of managerial supervision controls to ensure adequate risk coverage and compliance with global / local regulations; and the correction of anomalies and action plans in the entire Amer Region (if any).
•Audits: Contribution to security audits lead by SG Amer Internal Audit or consulting companies (e.g. penetration tests); On the GTS perimeter, contribution to action plans to ensure recommendations are closed timely;
•Realization of SEC monthly dashboards including overall operational security management (e.g. SOC and vulnerability management) and operational risks management (Audit points; Managerial controls; access to production) KRIs;
•Realization of SEC weekly dashboards including projects KPIs and SOC related KRIs.
The VIE assignment in a nutshell
This VIE in Jersey City (Close to NYC) is to begin as soon as possible but you need to plan 3 months between your application date and the beginning of your VIE assignment. It will last 18 months.
The VIE is a specific contract, under Business France’s eligibility criteria, opened to candidates under 28 and from the member states of the European Economic Space. For further information, please see www.civiweb.com.
You are graduated with a Master degree from Engineering or Business School or University in IT.
You are fluent in English and French
·IS Security (knowledge of IT security principles, best practices, tools that are used in securing IT resources)
·Scripting skills (e.g. Powershell and/or python)
·Good MS Office (Word, PowerPoint, Visio, Excel) skills;
·Network Security (knowledge of how firewalls, proxies, IDS and IPS work and how they can secure an organization)
·Knowledge of application architecture
·Knowledge of security scanners (e.g. Qualys/DBProtect…)
·Knowledge of SIEM products (e.g. RSA SIEM/, Balabit…)
·Knowledge of IDS/IPS products (e.g. SourceFire, Cisco products…)
·Report creations with Business Intelligence tools
·Knowledge of Firewall products (e.g. Juniper, Cisco, CheckPoint…)
· Knowledge of Advanced Persistent Threat products (Ellusive, TrendMicro…)
PRIOR WORK EXPERIENCE
·1+ years in IT infrastructures security
·Experience in an Architecture team
·Experience in a development team
·Specialization in Information Systems Security
·CISSP, CISM, or CISA certifications a strong plus.
·Knowledge of US IT Security regulatory requirements and environment in financial services industry a plus (i.e. FFIEC, DFS).
Avant de postuler, veillez à vérifier les conditions d’éligibilité pour cette destination http://www.civiweb.com/FR/le-volontariat-international/conditions-du-VIE.aspx
Le visa requis dans le cadre d’une mission VIE est en effet soumis à des conditions de formation et/ou d’expérience