Sr Specialist Cyber Security - IT North America

Position Summary

Under the supervision and guidance of their primary Community of Practice Lead and Product Group Manager based in Switzerland, the Cyber and Digital Security Senior Specialist is responsible for establishing and maintaining security products, platforms and solutions designed to mitigate IT risks across the Group to ensure that information assets are adequately protected. They are responsible for the identification, evaluation and reporting of information security risks in a manner that meets compliance and regulatory requirements, aligning with and supporting the risk posture of the enterprise. The Cyber and Digital Security Senior Specialist must be a visionary leader with strong skills in business management and a working knowledge of information security technologies. They will proactively work with IT and business units to implement practices that meet defined policies and standards for information security. Acting as a security business partner for the IT Product Groups, they represent Security in various core team meetings. The Cyber and Digital Security Senior Specialist continuously researches and stays on top of emerging security threats, technologies and trends.

A day in the life of...

Key Outputs:

· Directly contribute to growth and development related to our Application Security Testing (AST), DevSecOps and Web Application Firewall (WAF) solutions and practices.

· Analyze and develop policies and solutions to support AST and WAF security on an enterprise scale.

· Liaise with IT teams and vendors to implement, improve and solve operational issues and findings related to AST and WAFs.

· Chair application security scanning reviews with DevOps.

· Assist with project efforts to design security controls and processes that solve business problems.

· Serve as a security expert in Application Security, helping product teams comply with enterprise and IS/IT security policies, industry regulations and best practices.

· Determine security requirements by evaluating business strategies and requirements following a risk-based approach, evaluate gaps and derived risks, and assess corresponding action plans.

· Support the implementation and enforcement of secure design principles according to policies, standards, and patterns of Information Security.

· Develop, maintain, and publish up-to-date security policies, standards and guidelines, and oversee training and dissemination of security policies and practices.

· Defend technical choices and translate them for stakeholders from a security perspective.

What will make you successful

· Degree in a technology-related field, or equivalent work- or education-related experience.

· 5+ years of experience in a combination of risk management, information security and IS/IT jobs.

· Professional security, cloud and software architecture certifications, such as CISSP, CISSP-ISSAP, CSSLP, GIAC, AWS Solution Architect, Azure Solutions Architect or other similar credentials, are preferred.

· Knowledge of common information security management frameworks, such as ISO 27001 and NIST.

· Excellent written and verbal communication skills in English, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences (e.g. management, agencies, vendors).

· High level of personal integrity, and the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity.

· Team player, high degree of initiative, dependability and ability to work with little supervision.

· Solid experience in assessing and protecting public-facing applications (websites, mobile, e-commerce).

· Software development or application security testing experience, and exposure to WAF, SecDevOps, OWASP Top 10 and other frameworks, including analyzing, architecting fixes for, and leading developers in remediating code-level vulnerabilities.

· Experience determining security requirements by evaluating business strategies and requirements following a risk-based approach, and describe associated data flows and security controls needed, interacting

Ciudad de Mexico, MX, 11520
