You will join a team of dynamic security professionals that is part of the Tech Retail CISO team. Every day will provide you with different security challenges. Working in this team. you will need to engage with both C-level management, operational security professionals but also directly with engineers and developers. From within the CISO DB NL team, you will contribute to deliver input to the bank CISO who defines the global security policies. Within the team you have to ensure local implementation of the required security capabilities. You will make a concrete contribution to continuously improve the security of all of the assets by assessing and improving a current solutions.
- You work closely together with the CISO Lead to establish and operate a CISO office. At the same time you lead by example and contribute to increase the overall security awareness and maturity. You establish and facilitate state of the art integrated security threat and IT risk profile assessments in collaboration with all relevant stakeholders;
- As security subject matter expert, you contribute to the implementation of the security vision and drive the security roadmap for the organization together with the team members. You perform and deliver maturity and value assessments of the different security capabilities to identify improvement needs and opportunities.
- You participate in business-facing threat assessments and prioritization sessions, with the goal of identifying top risks and related mitigating efforts ("Security Watch"). You manage the portfolio of security efforts tied to those assessments - examples include, the scoping and execution of red/blue team engagement, the implementation of additional security measures (e.g. identity and access solutions), the execution of specialized training programs, the definition of threat profiles and intelligence gathering in collaboration with the Global Intelligence Centre.
- You provide expert support and facilitation during Detailed Risk Assessments (DRA) and scenario analysis;
- You contribute to Red/ Blue team exercise by identifying relevant threats/ scenarios;
- You assist in development of global Security Baseline security standard and guidance and support local Security Baseline template updates;
- You actively communicate the relevant cyber threats and risks throughout the organization by e.g. organising relevant and effective internal trainings and awareness campaigns.
- You support the execution of scenario analysis deep dive sessions with business and IT stakeholders. These sessions aim at identifying specific threats impacting business critical processes and assets and to identify actions and remediations to be implemented. This may include refinement of security event monitoring use cases, strengthening of security baseline designs.
You strive to bring fresh ideas to life and embrace challenges in a fast changing and complex environment. You are a naturally collaborative person who listens and invests in others to achieve common goals. You love to challenge the status quo and are eager to propose creative solutions to problems.
As Cyber Security Professional you will also need:
- 3+ years of professional experience in IT or information security
- BS/MS degree in computer science or related field. Certification like CISSP, CISM, etc. are highly recommended
- Prior experience or strong affinity with steering threat based vulnerability assessments (e.g. Red team exercises) and/or threat assessments and scenario analysis/ risk assessments
- Prior experience in risk management or experience working across lines of defense is an added benefit;
- Applied knowledge of various information security frameworks (e.g. ISO27001, NIST, CIS)
- Excellent command of the English language, preferably supplemented with Dutch
- Strong analytical skills and ability to solve high complexity problems
- Strong presentation and written communication and reporting skills
- Experience of working in complex environments
- Team player and collaborative
For more information, please reach out to Eva Sassnick.