Application Security Officer (Cloud Security, Cyber-Security, DevOps Infrastructure Security)

About

Application Security Officer (Cloud Security, Cyber-Security, DevOps Infrastructure Security)

Responsibilities

• Manage the risks of the Cloud-related projects
• Act as an IT Risk, Continuity & CyberSecurity Lead on the division’s strategic transformation Program
• With a thorough understanding of the organization's technology and IT systems, planning, researching, and designing security architectures, to identify IT security risks in advance
• Ensure the compliance level of the applications with the Security architecture standards including Third-party and cloud security risks
• Participate and follow-up on different transversal initiatives to improve the security standpoint
• Leveraging on a deep knowledge of Security standards such as NIST, CIS, ISO2700x, ensure the compliance with the IT security requirements
• Ensure the compliance with the Third-party Technology risks and the Cloud security
• Ensure the solutions of Data Management, Data analytics and data science solutions are implemented with the Group security architecture requirements (e.g. Tableau, PowerBI, AI and other Data analytics solutions)
• Alignment on the objectives and means, contribution to the different global reporting (WM Cybersecurity Committee, Project Architecture and Security validation committees, Application Security Dashboard)
• Coordination with the Global security teams concerning integration of banking assets within production sites
• Participate in the deployment of new security practices and DevSecOps pipeline
• Ensure that SSDLC practices are well followed

Job Requirements

• At least Bachelor’s Degree in Computer Science or related field
• 5-8 years' experience in information security and IT risk management
• Experience in evaluation and design of technical architectures and processes
• Functional as well as technical knowledge of the common architecture and Cybersecurity frameworks and solutions
• Strong knowledge in secure development and SSDLC processes
• Knowledge of the Norms and Standards of the banking and cybersecurity industry
• Banking Knowledge and understanding of Wealth Management specificities
• Strong knowledge on Cloud security
• Network protocols and network connectivity concepts; Firewall and Internet technologies
• Secure application design and architecture principles – including DevSecOps tools and practices (CI/CD)
• Encryption and Key Management techniques
• Technical proficiency in various Operating Systems (Linux, AIX, Windows, AS400) and Databases (Oracle, MSSQL, PostGreSQL, MongoDB)
• Knowledge of understanding digital transformation and mobile technologies and Cloud (Containers Docker, Kubernetes)
• Deep understanding of cybersecurity threats and remediation options
• IT Security Risk Assessment and Risk Management
• Knowledge of emerging technologies (NFT, encryption)
• Knowledge in technologies like OAuth, Single Sign On, API based approach, TDD, BDD
• Advanced IT security certifications: CISSP / CISM / SANS Certification
• Experience in Operational Risk and Permanent Control is an advantage