The Application Security Officer will participate in the lifecycle of the Applications and Projects in order to ensure the adequacy of their security.
As a Security subject matter expert, the Application Security Officer works closely, in an agile manner, with the IT Development team, Production Teams and the Business.
Job Description:
- Manage the risks of the Cloud-related projects
- Lead and project manage the IT Transformation Program in IT Risk, Continuity & CyberSecurity topics by taking part in and preparing the different Steering Committees, following up on the progress of the security reviews of the migration projects, and tracking the list of open points and their remediation plans.
- Act as a Subject Matter Expert on Security topics linked to the Transformation Projects.
- With a thorough understanding of the organization's technology and IT systems, plan, research, and design security architectures to identify IT security risks in advance
- Ensure the compliance level of the applications with the Security architecture standards including Third-party and cloud security risks.
- Participate in and follow up on different transversal initiatives to improve the security posture
- Leveraging a deep knowledge of Security standards such as NIST, CIS and ISO 2700x, ensure compliance with the IT security requirements
- Ensure compliance in the areas of Third-party Technology risk and Cloud security
- Ensure that Data Management, Data Analytics and Data Science solutions are implemented in line with the Group security architecture requirements (e.g. Tableau, PowerBI, AI and other Data analytics solutions).
- Align on objectives and means, and contribute to the different global reporting (WM Cybersecurity Committee, Project Architecture and Security validation committees, Application Security Dashboard).
- Coordinate with the Global security teams concerning the integration of banking assets within production sites.
- Participate in the deployment of new security practices and the DevSecOps pipeline
- Ensure that SSDLC practices are properly followed
Job Requirements:
- At least a Bachelor’s Degree in Computer Science or a related field
- 5-8 years' experience in information security and IT risk management.
- Experience in project management and in leading Steering Committees in IT Transformation Projects
- Experience working on IT Risk, Continuity and CyberSecurity for IT Transformation Projects.
- Experience in evaluation and design of technical architectures and processes
- Functional as well as technical knowledge of the common architecture and Cybersecurity frameworks and solutions
- Strong knowledge of secure development and SSDLC processes
- Knowledge of the Norms and Standards of the banking and cybersecurity industry
- Banking Knowledge and understanding of Wealth Management specificities
- Strong knowledge of Cloud security
- Network protocols and network connectivity concepts; Firewall and Internet technologies
- Secure application design and architecture principles – including DevSecOps tools and practices (CI/CD)
- Encryption and Key Management techniques
- Technical proficiency in various Operating Systems (Linux, AIX, Windows, AS400) and Databases (Oracle, MSSQL, PostgreSQL, MongoDB)
- Knowledge and understanding of digital transformation, mobile technologies and Cloud (containers: Docker, Kubernetes)
- Deep understanding of cybersecurity threats and remediation options
- IT Security Risk Assessment and Risk Management
- Knowledge of emerging technologies (NFT, encryption)
- Knowledge of technologies such as OAuth, Single Sign-On, API-based approaches, TDD, BDD
- Advanced IT security certifications: CISSP / CISM / SANS Certification
- Experience in Operational Risk and Permanent Control is an advantage