Ewing (New Jersey)
Data and Cyber Security Director
GS1 develops and maintains the most widely used identification standards that are fundamental to numerous enterprises around the world. The best-known symbol of GS1 standards is the barcode.
Within GS1, the Global Office is responsible for defining, building and operating global services in support of the 114 Member Organizations around the world. These services are operated through multiple Azure-based IT solutions.
In 2021, a new Data Security and Cybersecurity strategy has been adopted. GS1 is seeking a cybersecurity engineer to deliver this strategy to address, reduce, and prevent cyber threats.
The consultant will work in several important IT infrastructure and business application projects in which infrastructure and cloud security requirements and controls need to be defined and verified. The scope of responsibilities and activities include:
- Design and implement security architectures (both cloud and on-prem) for different applications and core IT services
- Design and implement security capabilities related to AD, SSO integration with applications, MDM, VPN, and user account management
- Assist in follow-up of cyber security training and awareness
- Identify best of breed and appropriately sized cybersecurity tools for establishing controls, audit, vulnerability assessment and forensics
- Raise the bar in cybersecurity knowledge and threat assessment across the team
- Provide guidance on special projects/requests to minimize vulnerabilities
As a member of the Data & Cyber Security team, the contractor actively participates in the creation, rollout, and training for the organization on cybersecurity best practices, threat detection and assessment.
- Provide input and technical insights when working with the security tools
- Identify tools, processes, and solutions for improved threat detection and mitigation
- Follow ITIL best practices for security incident and change management
- Improve end-user onboarding, end-user management and device management through AD, Microsoft tools and other tools
- Leverage Microsoft licensing and capabilities to improve GS1’s overall IT Security Posture
- Design and deliver an organization wide SSO solution for management of internal users, external partners and the GS1 community persons across GS1 suite of internal and external facing applications
- Represent the security team in development and implementation of the overall global enterprise IT and Cloud architecture
- Act as an IT infrastructure and cloud security Subject Matter Expert for designs and deployments of infrastructure architectures and IaaS/PaaS/SaaS cloud and DevOps environments
- Perform threat modelling and design reviews to assess security implications of infrastructure redesigns and cloud adoption
- Work with infrastructure services and application development organizations to choose appropriate infrastructure and cloud security technology solutions
- Research and evaluate new technologies to provide more efficient and effective solutions
- Contribute to presentations for IT representatives on security technologies and industry trends
- Perform and follow-up vulnerability scans
- Perform and follow-up on SAST and DAST
- 5+ years of experience in information security and IT risk management in general, and security architecture in particular
- Legal authorisation to work in the US is required
- 5+ years of experience in network, application, or infrastructure security including a mix of hands-on technical work along with compliance and leadership responsibilities.
- 5+ years of experience with Microsoft Azure cloud solutions and services, of which 3+ years of experience in Microsoft Azure cloud security infrastructure architecture, services, and solutions
- Experience with Microsoft licenses for O365
- Experience with AD, O365, InTune and other Microsoft end-user products
- Experience with SSO, identify servers, authentication protocols.
- Deep knowledge and understanding of security technologies and security threats.
- Be able to cope with a highly regulated environment
- Demonstrated experience in working in a multinational organization and virtual teams.
- Demonstrated experience of influencing key stakeholders across the IT Department and within complex contexts.
- Legally able to work in the USA or the EU
- Minimum of a Bachelor’s degree in computer science, information systems, engineering or a related technical field or equivalent work experience
- CISSP and/or CISA certified is a plus
- Microsoft Azure Certified Security Architect is a plus
- Security expert with a sound understanding of the cyber security space overall
- Helicopter view of the overall cyber security and architecture, combined with a strong operational focus
- Threat modelling and design skills
- Someone who understands level 0 and 1 diagram, data flows, to build out threat model
- Excellent analytical and problem solving skills
- Ability to build consensus, making decisions based on many variables, and gain support for major initiatives
- Strong sense of self, ethics and effort, as well as the willingness to go the extra mile to achieve important goals
- Good understanding of how current and emerging cyber security and privacy regulations and practices may impact an organisation
- Experience tracking, measuring and communicating the quality of vulnerability management processes and controls applicable to the IT department
- Excellent verbal and written communication skills, including the ability to explain regulatory requirements to IT leaders
- Strong knowledge of Office tools, mobile, apps, and other IT capabilities which would be expected knowledge for a senior IT role
- Strong soft and interpersonal skills, including teamwork, facilitation and negotiation
- Excellent analytical and technical skills
- Excellent written, verbal, communication, and presentation skills
- Excellent planning and organizational skills
Additional Skills & Qualifications:
Cyber Security engineers help secure software applications that are developed and offered by organization as software services for internal employees or for the customers. This involves securing all stages of the software development life cycle (SDLC) design, secure coding and development, testing and deployment stages.
Assist in finding security vulnerabilities in applications- static code analysis (static application security testing), dynamic code analysis (dynamic application security testing), or pen testing (uses tools to look for application weakness) as required.
Travel Requirements: 5 %
How to apply:
Send your application with CV to:
- Blue Tower, Avenue Louise 326, bte 10
- B-1050 Brussels, Belgium
- Tel: + 32 2 788 78 00
- E-mail: firstname.lastname@example.org
Responses will be treated quickly and with strict confidentiality.