Cyber Security Expert Lisboa

Cyber Security Expert
Lisboa
Lisboa, Lisboa, Portugal

Job description:

We are looking for a candidate with at least 5 years of experience in Application Security and Cyber Security Incident Management.

Candidate will participate to IT project security reviews conducted on a global basis across all platforms. This requires the incumbent to foster close working relationships with other business areas and IT Development / Production teams.

The consultant will work hand in hand with the IT Dev, Prod teams and the business, as an enabler and a facilitator.

The candidate will be member of WM IT Security Operations team and will report hierarchically to WM CISO EMEA and functionally to Head of WM IT Security Operations. She/he will work with various stakeholders located in Singapore, Chennai, Switzerland and Paris.

Certification (not mandatory but strongly recommended) : CISM, CCSP, CSK, CEH, CISSP.

Main Tasks:

APPLICATION SECURITY

• Ensure the effective implementation of Secure SDL including the Dev
  Sec
  Ops and Threat modelling practices.
• Identify and implement the latest security standards for internet facing and internal assets
• Improve the Vulnerability Management at the application level in terms of efficiency as well as effectiveness (including Static Acceptance Security Testing – SAST, Dynamic Acceptance Security Testing – DAST and Software Composition Analysis – SCA).
• Perform Security risk assessments and reviews to be presented to respective committees
• Ensure the adequate security level for all WM GAIM applications, whatever the IT project manager’s location and hosting provider
• Ensure the alignment with the Group and WM GAIM security policies, for both project and production assets
• Ensure the protection of WM business data with an adequate security level of WM assets, based on project assessment and production review processes
• Ensure the compliance with regulatory bodies requirements, including for APAC (HKMA, MAS, FSC), EU (DORA), Switzerland (FINMA)
• Leveraging on a deep knowledge of Security standards such as NIST, CIS, ISO2700x, ensure the compliance with the IT security requirements
• Ensure the compliance with the Third-party Technology risks and Cloud security
• Identify the process gaps and provide solutions

CYBER SECURITY

• Ensure the coordination with other IT security or other actors in the region or globally
• Assist for a Risk Treatment for any WM issue, based on the processes
• Identify the IT security risks in advance, record and
  - up them
• Define and contribute to processes from cybersecurity perspective
• Periodic reporting of security status to WM IT Domain Head and security champion
• Ensure the regular reporting for management
  - up
• Handle Cyber alerts & Incident by investigating and following with handlers until the issue is closed.
• Ensure to onboard the Assets & Applications in SIEM and handling BAU, create / update relevant documents.

PRODUCTION SECURITY

• Ensure the effectiveness and success of vulnerability management process
• Ensure the compliance level of the production environment and integrate to reporting

Technical Skills:

• Application Security
• IT Security Compliance
• Cyber Security Incident Management
• Vulnerability Management

Language Skills:

• English - Expert

Soft Skills:

• Ability to deliver / Results driven
• Ability to synthesize
• Communication
• Data Analytic
• Knowledge of Bank Sector