Security Specialist

Beschreibung

Security Specialist

6 month initial contract (view to extend)

Hybrid remote (Remote/Basel)

Rate DOE

Purpose of the role:

• Support the team with the implementation of 3 Lines of Defence (3LoD) risk management model
• Review and update security policies and standards following industry best practices such as CIS and NIST
• Ensure security by design providing security recommendations to IT teams in alignment with standards
• Contribute to the bank's cyber protection and resiliency requirements in the areas of asset and vulnerability management, risk management, security awareness training, baseline security configuration, 2nd line monitoring, data protection and operational tasks
• The role would be a mix between more operational tasks (review of the security standards / security guidelines / maintenance of policies and standards / risk assessments/ security configurations) and project-based activities (defence line project - new project).

Tasks & Responsibilities:

• Provide expert advice and operational experience on information security risk and control matters throughout the organisation. This includes:
• Assist with the coordination of the operations of the vulnerability testing program.
• Assist with application security program and support software developers in embedding security into the development lifecycle.
• Support the maturing of the penetration testing strategy and support in scoping and engagement with third parties
• Review and advise on the security measures to protect the confidentiality, integrity and availability of the Bank's information assets and critical services
• Contribute to reviews of the assessment methodology (Risk assessments, Software Approval)
• Contribute to the implementation of industry-recognised key critical controls and contribute to Corporate Security compliance mandate
• Support the team on technical security projects to develop and enhance the organizations security policies and procedures. Participate in the gathering and analysis of information from security-related sources

Must haves:

• Strong understanding of IT infrastructure and application architecture, including cloud technologies (Microsoft Azure)
• Experience with security frameworks, Security Policy and Standard creation
• Experience with documenting and communicating results that may be consumed by both developers and management-level audiences (technical writing experience of security guidelines and policies)
• Familiar with industry-recognized key critical controls (e.g. CIS, OWASP, SANS, etc…)

Nice to have:

• Security knowledge in application security, penetration testing and cloud technology
• Understanding of mobile related technologies, virtualization, containers, as well as cloud security
• Strong analytical capabilities, data-analysis skills and documentation skills
• Certification in security-related disciplines and technologies would be an advantage (accreditation such as CISSP or CISA)
• Experience with: TFS, SharePoint, DevOps / Compliance monitoring / Vulnerability scanners / Azure Security Centre

For more information or to apply please get in touch on -