Data Protection Officer (DPO)

Job Reference: CWS-270522

Location: Strasbourg, France

Type: Contract

Start date: ASAP

End date: xxxx

My client is a well-known EU institution looking for a Data Protection Officer (DPO) for a long-term assignment based in Strasbourg. This is a contract assignment with real possibilities for extension.

Data Protection Officer

Description

  • Define security configuration and operations standards for security systems and applications, including policy assessment and compliance tools, network security appliances, and host-based security systems
  • Develop and validate baseline security configurations for operating systems, applications, and networking and telecommunications equipment
  • Perform internal and external technical control and vulnerability assessments to identify control weaknesses and assess the effectiveness of existing controls, and recommend remedial action
  • Perform source code reviews
  • Perform network and application penetration testing (black box, grey box and white box)
  • Define detailed security architecture
  • Perform technical security audits
  • Perform log analysis and security monitoring
  • Perform IT infrastructure/application security configuration reviews
  • Design and implement technical security mechanisms and technologies
  • Design and develop technical security standards and procedures
  • Ensure privacy by design and by default solutions for the large scale IT systems;
  • Assist and/or perform threshold and data protection impact assessments (DPIA);
  • Assist in providing training on DPIA methodology;
  • Assist in handling data breaches in particular within the large scale IT systems from detection, response and final report;
  • Assist in drafting data protection policies and procedures;
  • Identify gaps and contribute to the development of project plans to close the gaps and meet the data protection requirements set forth by the regulation applicable to the large scale IT systems and by data protection Regulation (EU) 2018/1725

 

Qualifications

 

Education: Minimum 4 years of relevant education (master's or equivalent) after secondary school

  • Minimum 6 years of relevant professional experience in IT Security

 

Expected to possess advanced knowledge of/in:

 

  • Security best practice guidelines (ISO 27001, NIST, SANS Top 20, OWASP, etc.)
  • Good practice in the secure configuration of servers, network devices and applications
  • Networking protocols and application communications
  • Network analysis tools
  • Securing Unix and Windows operating systems
  • Securing middleware and applications.
  • Network penetration testing
  • Web application penetration testing
  • Vulnerability assessments
  • Forensic image collection and analysis
  • Managing/deploying the following security technologies: Firewalls; IDS/IPS – Intrusion detection/Prevention Systems; SIEM – Security information and event management; IAM – Identity and access management; APT – Advanced Persistent threat detection; DLP – Data loss prevention; VA – Vulnerability Analysis and mitigation; PKI – Public key infrastructure; Virtual environments; Endpoint Communications and data encryption; Remote access methods; Backup and disaster recovery methodologies; Patch management technologies and processes; Wireless protocols and services

  • Open Web Application Security Protocol (OWASP) and secure software development standards
  • Performing security code reviews.
  • Security monitoring, threat detection and incident response;
  • Proactively and iteratively searching through networks and applications to detect and isolate advanced threats that evade existing security solutions (Cyber threat hunting);
  • Security operations engineering (e.g. implementation of defensive measures, threat intelligence production);
  • Linux administration, TCP/IP, Network Security.
  • Security configuration reviews of IT Infrastructure and security devices, OS, Databases etc.

Qualifications that are considered a plus:

  • Certified Information Systems Security Professional with Information Systems Security Architecture Professional concentration (CISSP-ISSAP)
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Auditor (CISA)
  • OSCP, OSCE, GPEN, CEH, CCNA, CCNP
  • Degree or equivalent experience demonstrating focus on privacy engineering is particularly applicable;
  • Privacy/Data Protection certification such as Certified Information Privacy Professional/Manager (CIPP/E or CIPM)
Centum Recruitment International  Suppliers of high calibre IT and business professionals