APPLICATION SECURITY CONSULTANT

APPLICATION SECURITY CONSULTANT

SUMMARY:

 Application Security Consultant acts as a first point of contact for internal Business Units and external vendors in relation to Application Security services aiming at achieving risk reduction.

 The role ensures smooth execution of application security processes in particular vulnerability scanning and flaw remediation.

 The role is to execute a consistent global application security program for all business units to reduce overall costs and risks. These security platforms will automate and provide technical controls in accordance to the Blue Book.

This role includes the following core functions:

SME: develops and executes operational policies and strategic plans; is also accountable for various tasks handled by the Operations team members in the execution of activities supporting the strategic direction established for Group Information Security

IT Security Consultation: provides both day to day strategic and tactical consulting and operations support for technology and process implementations in Group IT.  Is responsive and works in support of CISO team to accomplish the application security objectives of the team

Security Architect: provides application security architectural support day to day to align security services and technologies to best meet the global objectives of Group IT

KEY TASKS & RESPONSIBILITIES

·         Monitoring vendor/partner performance in addressing application risks,

·         Raising awareness of Business Units & Application Owners about relevant application security processes,

·         Supporting CISO/BISO organisation in achieving security compliance

·         Actively representing Application Security at teleconferences and meetings with internal and external stakeholders

·         Acting as SME on application security processes and technology

·         Providing metrics to support risk posture assessment

·         Administration tasks related to security toolset used by application Security team 

TRAVEL & OTHER REQUIREMENTS

Requires occasional travel to business division headquarters, corporate centre or conference locations; travel will typically not exceed 10%.

QUALIFICATIONS/EXPERIENCE

·         Minimum 2-4 years professional experience with a Bachelor’s Degree

·         Communication skills / stakeholder management

·         Risk management and IT security skills

·         Experience with working across business units and geographical boundaries to engage team members

·         Hands-on implementation / administration experience

KNOWLEDGE:

·         Strong communication skills

·         Strong integrity and highly ethical

·         Effective in influencing and persuasion

·         Background in security/risk related topics and technologies

·         Vision and strategic foresight

·         Vendor management

·         Broad-based understanding of security architecture and technologies

TECHNICAL SKILLS

·         Expertise of security concepts and architectures

·         Understanding of operating system platforms and security models

·         Strong understanding of holistic set of IT technologies and processes (operating systems, databases, networking, web/application, change management, SDLC, disaster recovery, monitoring, help desk)

·         General knowledge of regulatory requirements relevant to the business

·         Written and oral English language proficiency

·         Other language skills are valued