This role is part of the Global Digital & Technology (D&T) department.
D&T is proud to bring cutting-edge innovation, strong technology, and advanced analytics.
With speed and agility, we ensure - has the technological competitive advantages it needs to deliver on its ambition.
Your role at -
The Toolkit Security Specialist is part of the Toolkit portfolio and supports multiple Product teams within it (e.g. Toolchain, Digital integration, Robotics & Automation, Digital Enablement) and is one of the professionals who do the work of delivering a potentially releasable increment of the product at the end of each sprint.
Product Teams are structured and empowered by the organization to self-organize and manage their own work. The resulting synergy optimizes the Product Team’s overall efficiency and effectiveness. The strategy for all Toolkit products is to continue to evolve the technology platforms in their scope and to actively grow adoption of the platform. To a large extent this will be done by means of a federated operating model, allowing other regional/local teams to develop on the platforms.
To prevent this from introducing security risks, special focus from the security specialist is required.
You will be working alongside a colleague in -’s Global Shared Services Hub; the emphasis of this job role is on the functional and organizational side, while the emphasis for your HGSS colleague is on the technical side.
In this role, you will:
• Assist with the design, development, and implementation of security measures for solutions deployed into various cloud, hybrid, and on-premises systems in the - environment;
• Ensure security by design principles are upheld in the implemented products;
• Oversee that Toolkit portfolio team members understand and properly use the Solution Security Procedures;
• Ensure that the definition of joint security responsibility models for federated governance systems is embedded;
• Thoroughly document security decisions and implementations;
• Provide input and feedback on security architectures/setup/configuration;
• Perform risk assessments on any new resource/application/functionality implemented in the cloud platforms;
• Participate in the Security and Quality Assurance chapter and help embed a security by design mindset into the organization;
• Ensure performance and automation of compliance and security controls;
• Support product teams in security decisions related to the product platforms, by helping team members and training them so that they can do more of this themselves;
• Support in automating continuous security testing for the product platforms;
• Support in resolving any security-related audit or compliance issues.
Are we looking for you?
Our ideal candidate would have:
• 2-4 years’ working experience in security operations and an advanced level of understanding of systems security at both technical and procedural level;
• 2-4 years’ experience with Security Architecture and/or Engineering;
• Operational experience in securing one or more of the following solutions: low/no-code platforms (e.g. OutSystems); robotic process automation (e.g. UiPath); integration and middleware platforms (Boomi, API Connect, SAP PO); SDLC tools (e.g. Azure DevOps, Confluence, Zephyr, SonarQube); Microsoft Power platforms;
• A solid understanding of, and experience with, systems automation platforms and technologies;
• Certifications such as CEH, CIR, CISM, CISA, CGEIT, any of the OWASP or similar are a plus;
• Knowledge of industry-standard security frameworks for information systems (NIST, ISO 27001/2, CSA, COBIT), the Cyber Kill Chain & MITRE ATT&CK framework;
• Being able to translate technical language into a story that can be understood, and cohesively present it back to different stakeholders with a clear message;
• Bachelor’s degree or equivalent experience;
• You have a passion for security and enjoy solving problems;
• You understand the Agile mindset and have basic knowledge of working in a Scrum Team;
• You show end-to-end ownership of the work that you do;
• Excellent knowledge of English, written and verbal;
• You have experience with outsourced managed services;
• You look for structural solutions over one-time quick fixes;
• Experience representing technical viewpoints to diverse audiences and in making timely and prudent technical risk decisions.