
GRC Consultant

León
Stott and May
Posted 11 hours ago
Description

The external consultant will join the Digital Transformation and Data division of a prominent, large-scale international public institution. Operating under the direct guidance of the Local Information Security Officer (LISO), the candidate will serve as an expert advisor to help system owners and internal IT vendors operationalize the institution's comprehensive cybersecurity framework.

The mandate ensures that all critical institutional information assets receive consistent, standard-compliant protection levels. The ideal candidate will bridge the gap between high-level regulatory frameworks and technical system deployment, driving overall compliance maturity.

Core Responsibilities & Tasks
* Compliance Requirements Definition: Collaborate closely with System Owners and IT Infrastructure Managers to define clear, actionable compliance baselines tailored to specific digital platforms.
* Framework Document Creation: Author, refine, and operationalize standard templates addressing end-to-end security processes, controls, and modern technical mitigation frameworks.
* Security Lifecycle Guidance: Actively support and guide development teams through the drafting and execution of core compliance artifacts, specifically:
  * Business Impact Assessments (BIA) & Scope of Security definitions
  * Comprehensive Risk Assessment exercises
  * Formulating System Security Plans
  * Constructing technical Implementation Plans
* Remediation & Defect Tracking: Manage institutional non-conformities by assigning precise corrective actions to system owners, tracking their ongoing operational progression, and formally validating closures within agreed SLA timelines.
* Security Baseline Management: Continuously develop and update architectural and programmatic security baselines across modern digital platforms, cloud infrastructure, and core services.
* Reporting & Auditing: Synthesize information-system risk statuses into structured compliance reports for the LISO, highlighting immediate structural gaps and trackable remediation metrics.
* Stakeholder Alignment: Act as a central point of contact to ensure harmonized interpretation and practical execution of corporate cybersecurity policies across diverse internal entities and third-party IT providers.
Required Technical Knowledge, Skills & Expertise
* 2-3 years' experience required.
* Standards & Frameworks: Strong practical knowledge of the ISO/IEC 27000 family of standards, large-scale institutional risk management methodologies, and standard quantitative/qualitative risk assessment methodologies.
* Security Evaluation: Strong prior experience evaluating secure system design criteria, application environments, and business continuity documentation.
* Emerging Tech Agility: Proven capacity to quickly analyze and adapt to fast-evolving digital landscapes, particularly cloud computing paradigms (IaaS/PaaS/SaaS) and AI-driven workflows.
* Documentation Quality: Exceptional skill in authoring technical, structured, clear governance templates, policy definitions, and instructional guides.
* Professional Certifications (Highly Valued Asset): Holder of active domain credentials such as CGRC, CRISC, CISA, CISSP, or CISM.
Interpersonal & Non-Technical Skills
* Multicultural Adaptability: Comfort integrating rapidly into a large, highly diverse, and multicultural administrative environment. Must be a self-starter who thrives inside matrixed teams.
* Communication & Facilitation: Advanced verbal and written presentation competencies when articulating complex GRC paradigms to mixed groups of technical developers and non-technical business leaders.
* Language Proficiency: Full professional fluency in English (C1 level or higher written and verbal capability is highly advantageous for running multilingual synchronization meetings).
* Ethics: Demonstrable commitment to a high degree of professional discretion, confidentiality, and institutional integrity.