As a Applications (software) Security Officer, you play a crucial role in securing applications and projects, employing a risk-based approach. Your responsibilities span IT security architecture, transversal security projects, compliance, data management, and coordination with all IT security stakeholders.
Role:
1. IT Security Architecture:
- Plan, research, and design security architectures.
- Review and approve security requirements for applications and IT setups.
- Ensure compliance with security architecture standards and address third-party/cloud security risks.
2. Transversal Security Projects:
- Participate in initiatives enhancing security.
- Monitor and report progress, identifying and reporting IT risks.
3. IT Security Compliance:
- Align with the Group and security policies.
- Ensure compliance with regulatory requirements and security standards.
4. IT Data Management and Analytics:
- Stay informed on data security regulatory landscape.
- Ensure compliance of Data Management and Analytics solutions with security architecture.
5. Coordination with IT Security Actors:
- Align on objectives and means, contribute to global reporting.
- Coordinate with global security teams and stay informed on IT security initiatives.
6. Evolution of Security Practices:
- Deploy new security practices and DevSecOps pipeline.
- Ensure adherence to SSDLC practices and participate in awareness and training activities.
Requirements:
- 5-8 years of experience in information security and IT risk management.
- Proficiency in evaluating and designing technical architectures from a security point of view (encryption keys management, security at rest…).
- Proficiency with Network security concepts (firewalls, proxys…).
- Familiar with major OSes and databases connections
- Strong knowledge of secure development and SSDLC processes (DevSecOps).
- Familiarity with banking regulations and cybersecurity frameworks (MAS TRM,..).
- Excellent communication, leadership, and reporting skills.
- Advanced IT security certifications (CISSP/CISM/SANS Certification).
