Senior Software Information Security Officer
Have you provided advisory services from an IS governance perspective?
Can you provide insight when reviewing security design architecture?
About Our Client
A leading Financial Institution
- Lead security design of "projects" (application/infrastructure/etc) as required
- Lead the Information Security portion of the TDEI Application and Infrastructure Health Checks as required
- Complete Information Security assessments for new and existing suppliers, including site visits and evaluation of RFP responses, where appropriate
- Direct and monitor due diligence of information security risk processes (including ISA and supplier assessments) and their results on an ongoing basis
- Oversee and manage portfolio of Information Security Manual exceptions (ISMEs) to ensure these are current, accurate and are supported by sound resolution plans
- Ensure compliance with standards specific to the local organization, consistent with IS policies and guidelines and with T&O control frameworks (e.g. CMMI, ITIL), via shared services (i.e. CMRP)
- Consolidate, interpret and report key information security risks and trends for the portfolio, and assess the effectiveness of controls in managing the key risks
- Act as a member of the ISO council
The Successful Applicant
- Bachelor's or Master's degree in Information Security or equivalent
- Information Security certification is encouraged, e.g. CISSP, CSSLP, GIAC, etc., but not mandatory
- Hands-on programming background; pen testing and red team experience
- Ability to review application security design / architecture for security controls throughout the life cycle of an application (web, mobile)
- Experience gathering and reviewing application security requirements and working with development teams to provide information security requirements advice and counsel, ensuring alignment to IS processes and solutions - must have
- Experience reviewing security design / architecture for the presence and adequacy of security controls - must have
- Experience with threat modeling
- In depth knowledge of Information Security risk and industry best practices
- In depth knowledge of application security and software assurance (white box testing) - must have
- Working knowledge of web application vulnerability assessment tools such as AppScan and WebInspect
- Strong secure coding practices and experience with static code analysis tools (e.g. Fortify)
What's on Offer
A Competitive Package