Blue Team Lead

Job Description:

Trigyn has a contractual opportunity for a Blue Team Lead (Cyber Security). This resource will be working at our client site in Valencia, Spain.

Job Responsibilities:

The position will lead defensive security practices within the Information Technology Department (ICT). ICT manages the information systems and technology services required for Iclient's Headquarters, Regional and Field Offices. The analyst sets the standards and processes for defensive security approaches for ICT within client. The analyst will be part of the Blue Team. The Blue Team also monitors compliance with the standards and policies within ICT.

Job Purpose
The Analyst, Blue Team (Defensive Security) develops, implements, drives, and monitors the defensive security practices for Information Security and Risk Management at client.
He/She acts as the authority for the development and enforcement of organization policies, standards, and processes, and has ultimate responsibility for ensuring the detection and responding to threats. S/he guides the design and continuous improvement of the defensive security that balances business needs with security risks. S/he advises the CIO, CISO and top executives on defensive security matters and sets directions for complying with regulatory inquiries, legal and compliance regulations, inspections, and audits. S/he is an expert in cyber security compliance standards, protocols, and frameworks, as well as the NIST 800-53, NIST CSF, and NIST 800-37 (RMF).
S/he keeps abreast of cyber-related applications and hardware technologies and services and is constantly on the lookout for new technologies that may be leveraged to enhance work processes, or which may pose potential threats. S/he is an inspirational and influential leader, who displays sound judgment and decisiveness in ensuring that corporate information is well protected and secured. S/he is strategic in his/her approach toward resource management and capability development among her/his teams.
S/he directs and manages an independent assurance program for cybersecurity to assess, monitor and report on the operating effectiveness of security controls. Proactively and effectively reports on information security priorities, top risks, and action plans.
S/he is responsible to formulate, implement, and manage institutional information security strategies and programs designed to protect ICT’s information technology (IT) systems and information from illegitimate access and reduce/mitigate information security risks across the organization. S/he leads programs and processes to monitor the emergence of new threats and vulnerabilities, assessing impacts, and driving responses, as appropriate (incident response policies and standards). S/he leads the development and maintenance of a security and risk management functional capability and framework that defines and manages ICT’s overall approach to information risk and control that aligns with the client’s risk management strategy.
S/he ensures that clear and timely business advice is provided to management on key information security and assurance issues and that information security and risk is adequately represented on relevant business/governance forums and is known, well-integrated, and addressed across the organization. Maintain and implement business continuity and disaster recovery strategies and solutions to ensure organizational resiliency for client. Facilitate information security governance through the implementation of a hierarchical governance program, including the formation of an information security steering committee or advisory board. Lead and manage the information security team.
S/he will report to the CISO and the Blue Team Lead and may supervise international, national, and administrative staff.

Responsibilities
a. Information Security Strategy, Policies, and Standards
•Provide vision, leadership, and direction on defensive security and IT risk for client. Collaboratively engage with all ICT teams and businesses to facilitate a standardized approach and structure to defensive security and IT risk.
•Liaise with the different ICT teams to ensure that standards, polices, and procedures are available and enacted consistently across application development projects and programs.
•Oversee the development and maintenance of standards and processes that fit the organization at all levels. Ensure consistent application of security standards across client’s (in HQ, regional and field offices) technical infrastructure.
•Establish an effective defensive security capability that includes customers and resource owners in the security decision-making and oversight.

b. Incident Response Management
• Incident response process from the monitoring and detection of incidents. Establish processes to detect, respond, and recover in a timely and proactive manner from incidents.
•Implement preventive, detective, and corrective technical security controls and solutions to support information security policies, standards, and procedures.
•Respond appropriately to investigations and forensic requests, managing situations with discretion, sensitivity, and objectivity, and with due consideration of chain-of-custody.
•Liaise with other IT specialists and relevant external parties to proactively review and address technical security vulnerabilities, threats, and risks and ensure that appropriate controls are implemented to prevent the recurrence of information security incidents.

c. Information Risk Management
•Strengthen sustainability of internal control reviews and ensure ongoing analysis of information security threats, vulnerabilities, and market trends. Determine the potential impact on the organization’s risk posture.
•Implement and maintain a mechanism to monitor risk response activities in ICT, report to management regularly.
•Liaise with the different ICT teams and other departments to ensure that IT audit findings are tracked, analyzed for impact, prioritized, and implemented in a systematic manner; ensure that all significant audit findings are closed in a reasonable amount of time; work closely with other ICT teams in implementing the IT policies and procedures required for addressing the audit findings.

d. Customer Service and Communications
•Build sound customer service across IOM to enable a strong understanding and close alignment with customer needs, direction, and risk appetite.
•Manage the creation and production of timely, accurate, and informative customer and IT metrics relating to defensive security and risk initiatives. Utilize the metrics to prioritize key initiatives and respond to negative trends.
•Develop and promote information security awareness training and education for all levels of staff and service providers. Regularly review and ensure its effectiveness.
•Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of the security.

e. Cyber Security Analyst
•Provide analysis of our client’s operation for the development of policies, guidelines, and methodologies.
•Recommend cyber security control and measurement, and policy compliance for development operations.
•Liaises with external entities, such as cybersecurity advisory bodies, cyber threat intelligence entities, member states and external partners, and law enforcement agencies (in coordination with CIO, CISO, LEG, OIO, and HR) , etc. as necessary, to ensure that the organization maintains a strong security posture and is kept well abreast of the relevant security issues identified by these external entities.

Education

•Bachelor’s degree in computer science, information systems, mathematics, statistics or related field from an accredited academic institution with two years of relevant professional experience; or
•University degree in the above fields with four years of relevant professional experience.
•Professional certification such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Chief Information Security Officer (CCISO), Certified Secure Software Lifecycle Professional (CSSLP), Certified Secure Web Application Engineer (CASE), Certified Secure Web Application Engineer (CSWAE), Governance, Risk, and Compliance Professional (GRCP), Certified Ethical Hacker (CEH), or related will be a distinct advantage in addition to cloud computing certifications at associate/professional/specialty level from Azure and/or AWS.
•Information Technology Infrastructure Library (ITIL) and Prince2 Foundation are added advantages.

Experience
•Extensive experience in building a cybersecurity offensive team (Blue TEAM);
•Extensive experience in compliance and risk management;
•Extensive experience in creating and implementing test cases and test plans;
•Extensive experience in all aspects of application/data security (definition, implementation and validation);
•Extensive experience in simulating cyber-attacks and data breaches;
•Experience defining security strategies aligned with business and strategic objectives.

Skills
•Strong interpersonal skills;
•Solid organization and document, project management;
•Strong investigative skills;
•Strong ability to continue to learn and grow;
•Basic knowledge of reporting tools (., MS Excel, Power BI, Power BI Report Builder);
•Ability to translate technical security vulnerabilities into business risk/impact to applications;
•Demonstrated skill in creating security policies and procedures based on ISO27001, NIST 800-53 and Computer Information System (CIS) controls;
•Strong analytical and problem-solving skills and proactive thinking skills;
•Able to articulate complex, technical concepts to non-technical audiences;
•Strong English oral and written communication skills.