Information Security Advisor
Role details
Job location
Tech stack
Job description
- Operate the "CISO Release Management" service for all development executed by CISO on CISO assets ensuring best practices are applied for smooth transition into (pre) production environment.
- Identify, collect and bundle where appropriate CISO change items into collections of release items, verifying their compatibility & assessing their impact on the target environment;
- Build and maintain high level and detailed CISO releases planning;
- Perform a quality assessment of the changes through the production acceptance criteria, incl. operational readiness, security and compliance;
- Monitor and report risks associated with non-compliance to the System Delivery Life Cycle (SDLC);
- Prepare reporting on planned releases, highlighting residual risks and related mitigation actions to obtain the adequate endorsement;
- Follow-up on remediation in case of conditional authorization;
- In case of incidents (during the launch phase or just after), coordinate root cause analysis, support teams in charge of the resolution of those gaps, and if applicable, define & implement mitigations to prevent any new occurrence of similar issue in the future.
- Provide support when SDLC (System Delivery Life Cycle) IT controls fail, and ensure an adequate follow-up until the full remediation (limited to " Manage Change Acceptance & Transitioning" process).
- Reinforce the usage of good practices
- Be an evangelist within CISO and with other communities in charge of release (Change Managers, Product owners, Test leads,…), to ensure the awareness and the right understanding;
- Act as a contact point for CISO resources needing guidance an help on release practices.
- Drive and execute small to large-scale initiatives aimed at addressing identified gaps or weaknesses within our domain, ensuring alignment with organizational standards and objectives.
Requirements
To strengthen our team, we are looking for a candidate with experience in the following areas:
-
Good knowledge to system and software development and testing security guidelines; Our IT solutions refer to cloud and on-premises solutions including mainframe and virtual or physical distributed systems;
-
Familiarity with methodologies such as Agile, DevOps, and CI/CD practices, with an appetite for learning and adapting to new approaches;
-
Good understanding to various information security and cyber domains particularly identity and access management, certificate management, network security and data protection;
-
Ability to build up an overarching while detecting potential pain points, and to draw conclusion and priorities;
-
Ability to build clear and concise report supporting decision making;
-
Team player with strong communication skills, collaborative spirit, being able to discuss, defend and translate risk topics with both senior business people as with deep technical IT experts;
-
Independent, service-oriented and organized.
-
Able to operate within an international/multi-cultural, networked environment;
-
Fluent in English (speaking and writing).
Benefits & conditions
Work closely with inspiring, supportive and engaged colleagues from more than 80 different countries.
- Practice your talents in a highly professional international environment.
- Join a learning and development environment with an emphasis on knowledge sharing and training.
- Competitive salary and comprehensive benefits.
New ways of working
Find your own optimal balance within our hybrid working model, where you can connect at the office and also benefit from remote working.
Great Place to Work for All
