Description

We are looking for a senior IT Security Architect to join us. We are seeking a motivated and proactive individual with broad and hands-on experience in IT Security. This role will be driving the Cybersecurity program in the company, reporting to our VP Software, but with a remit company-wide.

What you will own:

• Define, develop and implement a corporate cybersecurity program
• Participate actively in the design of the solutions architecture, and carry out solution risk analyses
• Define and drive implementation of corporate information security policies
• Implement best practices standards in the area of IT security infrastructure and secure software development
• Run a cybersecurity compliance and certification program, including annual re-certifications
• Establish governance of maturity assessment model and remediation activities in a roadmap
• Define, develop, and implement a secure software development lifecycle
• Lead the definition of security requirements of all applications
• Carry out organizational and software security tests together with development and QA teams
• Promote cybersecurity culture to all stakeholders, and provide education where necessary
• Develop and implement Zero-Trust security concept for application integration
• Working with the Legal department to refine our Data Protection procedures
• Leading procurement for security solutions

Votre profil

• You have in the region of 5-10 years’ experience
• Proven experience in delivery of a Cybersecurity program within a software development company
• Knowledge in the organizational and technical areas of IT security (for example, at least some of the following: ISMS, SIEM, IAM, network, server, client and web security, SOC, incident response/management, IT risk management)
• Definition of Security standards and development methodology, in particular in the following areas: Compliance & Risk management, Conformity management, Risk assessment, Gap Analysis, Threat Protection
• Knowledge of cybersecurity and risk management frameworks and practices such as ISO 27001 or NIST SP 800-30
• Experience with audits, risk assessments and communicating with stakeholders
• Project/program management skills
• Strong understanding of software testing methodologies, tools, and processes
  The more you bring in the following areas the better:
• Certification/further education such as CISM, CISSP, Information Security
• Experience with cloud technologies and modern software development methods (CI/CD, DevOps, DevSecOps)
• At ease in standardization, documentation and reviews
• Knowledge in secure software development, secure coding (OWASP)
• Analytical, methodical approach / conceptual skills

TECHNICAL SKILLS:
We will benefit from your technical skills across some or all of cybersecurity architecture, software engineering, cloud security architecture, data privacy and loss prevention, CIS Controls and vulnerability management, OWASP, and security of applications, networks and infrastructure.

CERTIFICATES:
The more you bring in the following areas the better.

• Cybersecurity certifications such as CISSP and or CISM
• Certified Security Project Manager (CSPM) Certification or PMI
• Experience in aligning corporate strategies with cybersecurity compliance goals and requirements
• OWASP foundation
• AWS Cloud Architect
• CIS Community Defense Model (CDM)

COMMUNICATION SKILLS:

• Excellent communication skills both to technical staff as well as to management
• Ability to convince the stakeholders and influence them positively to adopt a security culture.
• Ability to communicate complex technical challenges in a non-technical and simplified manner to key stakeholders

EDUCATION:
 

• Degree in Information or IT Security or a related subject
• Fluent English
• French would be a plus

Comment postuler