Project Manager. PLEASE NOTE! THE CLOSING DATE FOR THIS REQUEST IS 5-11 AT 17.00
Assignment ID: 2614
Budget: € 5 to € 150 per hour
Posted: 03-11-2010
Responses: 0
Location: Utrecht, Utrecht
Last modified: 04-11-2010
Status: Closed
JOBstream is looking for a Project Manager.
In order to address the risks mentioned in the audit report we recommend the following set of solutions:
- Dual Factor authentication by means of RSA & Radius [DF1]
- Dual Factor authentication by means of CyberArk (or reverse proxy) [DF2]
- Integrity protection by means of Virtual Private Databases [IP1]
- Integrity protection by means of LAU service for integration with Swift [IP2]
- Integrity protection by means of CyberArk Inter Business Vault [IP3]
This set of measures is deemed by the architects to be feasible, to have the broadest reach and to be relatively cost-effective. However, the costs will still be substantial, for some solutions pilots remain to be performed to prove their usability, and several payment systems still cannot be fully protected against the described risks. It is our opinion that no solution can address this last 10%-20% of our (legacy) systems, such as OMR, other than significantly changing the source code of these payment systems, in which case the cure imposes far greater risks.
For each solution the details, limitations, recommendations and next steps are described in the corresponding sections below. The general and solution-specific recommendations and next steps are described in the final sections.
From plan to action in resolving the payment Audit issues:
- Select and appoint a Project Manager for starting up and overall management and progress control
- Determine and agree on resource claims for IS&D, ITI and Security for the actions below
Dual Factor Authentication preparations:
- Install global RSA Infrastructure
- Perform a pilot with CyberArk Dual Factor
- Investigate availability of CyberArk in the required
- Set up the implementation guidelines
DT Roll out:
- Finalize and approve RSA DF Application list and the CA DF application list
- Agree on implementation planning per RI location
- RSA DF
- CA DF
- Exception Route
Payment Integrity Protection:
- Install periodic recertification of all accounts on payment infrastructure. This is currently an issue in UTC/LDN --> see SOX audit
- Investigate Spazio for integrity protection on MQ
- Investigate Oracle Virtual Private Database
- Swift LAU
- Investigate and describe solution and conditions
- Inventory which apps can be connected to SWIFT with the LAU interface
- Plan and execute the implementation
- [IP 3.1] Check industry adoption of CyberArk IBV/GFT technology and perform a proof of concept.
- [IP 3.2] Assess availability, scalability and license impact of CyberArk IBV/GFT and determine the desired positioning of this next to MQ.
Required qualifications:
- at least 3 years of experience as a Project Manager
- Prince 2 / IPMA certified
- Project Manager with an understanding of security.
- Experience with rollouts
- Banking experience