You will join a team who is responsible for ensuring that the technology infrastructure protects corporate assets from unauthorized access, modification, disclosure and destruction. The team is the service owner of the logical security domain and infrastructure through the implementation of security services and infrastructure, risk assessments, requirements setting, and active participation in the project delivery lifecycle, as well as ensuring adequate processes and procedures for the security administration teams.
As part of the team, the main responsibilities are:
· Perform or coordinate the security validation to ensure effective implementation of security controls in project development lifecycle
· Ensure the timely and effective remediation of security weaknesses and defects revealed in security validation
o In coaching of application security controls with the SME and act as the security point of contact for the business and project teams
o With SME for the integration of application security in projects e.g. authentication and authorisation , non-repudiation, cryptographic controls, data protection
· Produce documented security services, technical standards or principles.
Skills and experience required:
· Be a team player who communicates in an open, respectful and constructive way with her/his customers and peers, both verbally and in writing. You will take ownership and ensure that organizational quality standards are met.
· Be a very good communicator in English, both verbal and written, and able to discuss and defend the security interests with individuals and groups of senior business people as well as deep technical IT experts.
· Proven experience in security risk assessments, development of functional security requirements, process design and management reporting. Experience in security design, architecture and project management is a strong advantage.
· Familiarity with industry best practices in key domains: risk assessment, application security, identity and access management, and secure development on all platforms.
· Sound security design principles, based on confidentiality, integrity and availability requirements and other ISO27002 security principles are an asset;
· Application security knowledge with a good understanding of software development and The Open Web Application Security Project (OWASP) guidelines
· Knowledge of and experience with security technologies including IDAAS and identity management platforms, PKI and cryptographic solutions, web application firewalls, automated code review tools, secure management access, virtualization, XaaS solutions
· Sufficient background knowledge with regard to network principles and protocols used in WAN and LAN's, DMZ, Internet security, network segregation
· Experience with a subset of Unix, Windows System, tandem, mainframe security and assurance
· Preferred professional certifications are CISSP, CISM, CISA, ISO 27001 LA/LI.
· A challenging position in a fast growing company with an international presence.
· A stimulating working environment with a really good team spirit maintained by lots of internal events (teambuilding, ...).
· A dynamic culture focused on personal development.
· A wide range of training and career development opportunities.
Interested? Please send us your CV in English at firstname.lastname@example.org.
Please apply now !