Application Security Officer (Cloud Security, Cyber-Security, DevOps Infrastructure Security)
* Manage the risks of the Cloud-related projects
* Act as an IT Risk, Continuity & CyberSecurity Lead on the division’s strategic transformation Program
* With a thorough understanding of the organization's technology and IT systems, planning, researching, and designing security architectures, to identify IT security risks in advance
* Ensure the compliance level of the applications with the Security architecture standards including Third-party and cloud security risks.
* Participate and follow-up on different transversal initiatives to improve the security standpoint
* Leveraging on a deep knowledge of Security standards such as NIST, CIS, ISO2700x, ensure the compliance with the IT security requirements
* Ensure the compliance with the Third-party Technology risks and the Cloud security
* Ensure the solutions of Data Management, Data analytics and data science solutions are implemented with the Group security architecture requirements (e.g. Tableau, PowerBI, AI and other Data analytics solutions).
* Alignment on the objectives and means, contribution to the different global reporting (WM Cybersecurity Committee, Project Architecture and Security validation committees, Application Security Dashboard).
* Coordination with the Global security teams concerning integration of banking assets within production sites.
* Participate in the deployment of new security practices and DevSecOps pipeline
* Ensure that SSDLC practices are well followed
Job Requirements:
* At least Bachelor’s Degree in Computer Science or related field
* 5-8 years' experience in information security and IT risk management
* Experience in evaluation and design of technical architectures and processes
* Functional as well as technical knowledge of the common architecture and Cybersecurity frameworks and solutions
* Strong knowledge in secure development and SSDLC processes
* Knowledge of the Norms and Standards of the banking and cybersecurity industry
* Banking Knowledge and understanding of Wealth Management specificities
* Strong knowledge on Cloud security
* Network protocols and network connectivity concepts; Firewall and Internet technologies
* Secure application design and architecture principles – including DevSecOps tools and practices (CI/CD)
* Encryption and Key Management techniques
* Technical proficiency in various Operating Systems (Linux, AIX, Windows, AS400) and Databases (Oracle, MSSQL, PostGreSQL, MongDB)
* Knowledge of understanding digital transformation and mobile technologies and Cloud (Containers Docker, Kubernetes)
* Deep understanding of cybersecurity threats and remediation options
* IT Security Risk Assessment and Risk Management
* Knowledge of emerging technologies (NFT, encryption)
* Knowledge in technologies like OAuth, Single Sign On, API based approach, TDD, BDD
* Advanced IT security certifications: CISSP / CISM / SANS Certification
* Experience in Operational Risk and Permanent Control is an advantage
#J-18808-Ljbffr