Oferta pracy

Senior Information Security Officer

IDEMIA Poland R&D Sp. z o.o.About the company

  • Offer expired 2 days ago
  • Remote recruitment
  • Remote work
  • contract of employment, B2B contract
  • full-time
  • senior specialist (Senior), expert

IDEMIA Poland R&D Sp. z o.o.

Stefana Jaracza 62/64

Łódź

Your responsibilities

  • To define & execute security strategy & roadmap for his scope of responsibility (as part of global GDP security), in relationship with Product Owners & business teams

  • To build, maintain & improve GDP security processes & standards, especially topics related to risk assessment / threat model & awareness

  • To conduct the threat models & risk assessment for all GDP domains, activities & countries

  • to translate these technical risks & vulnerabilities in functional / business risks & impacts, understandable by Business teams & management, in order to ensure proper mitigation

  • to provide support & expertise to teams for mitigation & review of risk assessment

  • To monitor & improve security KPI for GDP security processes

  • To improve the overall level of security empowerment & maturity of the teams by contributing actively to security guild & security awareness activities, and by adopting a coaching approach rather than a “doer”.

Our requirements

  • 4+ experience in information security, including a first experience as security officer in another company

  • Very good knowledge & work experience in risk assessment (ex : ISO 27005 framework) & Threat Modelling approach (ex : STRIDE methodology)

  • Experience in definition of security policies & standards

  • Good knowledge and working experience of Application Security field (ex : OWASP Top 10)

  • Experience in setup of security in DevOps environment (CI/CD tools, container security, …)

  • Solid knowledge of various information security frameworks (ex : NIST, ISO 27002, …)

  • Experience in working in cloud environments (Azure and/or AWS)

  • Personal certification in global security frameworks such as CISSP is recommended

  • Personal certification in cloud security is a plus (Azure and/or AWS)

  • Previous experience related to PCI-DSS & GSMA is a plus

What we offer

  • Private medical care

  • Sports package (subsidized by the employer)

  • Free of charge parking space

  • Individual conference budget

  • Integration events

  • Flexible working hours

  • Attractive salary (employment contract or B2B cooperation)

  • Benefits

  • sharing the costs of sports activities

  • private medical care

  • flexible working time

  • integration events

  • parking space for employees

Soft skills:

  • Excellent problem-solving and analytical skills.

  • High level of autonomy & adaptability

  • Demonstrated leadership skills

  • Ability to explain risks for business to executive people & give advices about mitigations schemes to reduce risks

  • Ability to educate both technical & non-technical audience about various security measures.

  • Effective verbal and written communication skills.

  • English and Polish 100% fluent (written & spoken)