Raymond Berkoh

• Reviewing current system security measures and recommendations within the solution design diagrams such as VMware, Azure VMware Solution (AVS), Azure/AWS public/private cloud environments including application or data migration project and designs.

• Provide the security capability required such as IAM, endpoint security, compliance & governance and threat model based on the projects or determined by the workload align to the security design

• Utilising security controls with framework such as (NIST 800-53, ISO27001 , CIS and CSPM etc) as part LBG security standards/governance.

• Analyse security risk within each design as appropriate to the scope and ensure that all interested stakeholders are informed or consulted where necessary.

• Utilised frameworks such as ISO2007. NIST

• Defining security requirements by assessing solution/technical design aligned to architecture requirements.

• Providing security consultant on services and security support to internal businesses and technology domains

• Acting as the lead security liaison on assigned projects.

• Reviewing application architecture designs (360-degree view- Identity Access & Management, MFA, SSL/TLS protocols, digital certificate, encryption, monitoring, and audit) from an application security and information security perspective, ensuring it is alignment with Proximus security standards and industry best practices.

• Reviewing infrastructure architecture and design from an infrastructure security and information security perspective, ensuring it is alignment with Proximus security standards and industry best practices.

• Acting as the SME- subject matter expert for performing risk assessment on vendor solutions including the public Cloud to help improve our overall risk program on vendors.

• Reviewing, testing and implementation of security products and control techniques- such as ensuring endpoint protection. (e.g. policy enforcement across devices that are used to consume data)

• Reviewing circumstances surrounding security gaps and corrective designs actions

• Keeping up to date on security developments in the technology industry and ensuring that the technology landscape is kept in line with industry and Proximus security standards

• Working closely with project teams to ensure security risks are mitigated within designs and communication flows.

• Providing advice on security aspects of the architect designs and representing the views of the SA team within corporate and commercial.

• Working with our established governance processes and ensuring new or existing IT solutions were delivered to high standard of security

• Collaboration with the business to identify and understand future information security risk and proving appropriate input where necessary to ensure appropriate technology are in place to protect the information of the business.

• Worked closely with Stakeholders and Business Units in designing appropriate infrastructure solutions to support defined business requirements and software architectures.

• Identify information security threats and vulnerabilities within projects designs, assess information security risks and advise the relevant team on appropriate methods and security configurations to help protect and prevent impact to business systems

• Familiarity with Agile methodology