Cyber Security Expert

We are looking for a candidate with 5/8 years of experience in Application Security and Cyber Security Incident Management.

The candidate will participate in IT project security reviews conducted on a global basis across all platforms. This requires the incumbent to foster close working relationships with other business areas and IT Development / Production teams.

The consultant will work hand in hand with the IT Dev, Prod teams, and the business, as an enabler and facilitator.

The candidate will work with various stakeholders located in Singapore, Chennai, Switzerland, and Paris.

Certification (not mandatory but strongly recommended): CISM, CCSP, CSK, CEH, CISSP.

Main Tasks:

• Ensure the effective implementation of Secure SDL including the DevSecOps and Threat modelling practices.
• Identify and implement the latest security standards for internet-facing and internal assets.
• Improve the Vulnerability Management at the application level in terms of efficiency as well as effectiveness (including Static Acceptance Security Testing – SAST, Dynamic Acceptance Security Testing – DAST and Software Composition Analysis – SCA).
• Perform Security risk assessments and reviews to be presented to respective committees.
• Ensure the adequate security level for all WM GAIM applications, whatever the IT project manager’s location and hosting provider.
• Ensure the alignment with the Group and WM GAIM security policies, for both project and production assets.
• Ensure the protection of WM business data with an adequate security level of WM assets, based on project assessment and production review processes.
• Ensure compliance with regulatory bodies' requirements, including for APAC (HKMA, MAS, FSC), EU (DORA), Switzerland (FINMA).
• Leveraging a deep knowledge of Security standards such as NIST, CIS, ISO2700x, ensure compliance with the IT security requirements.
• Ensure compliance with Third-party Technology risks and Cloud security.
• Identify process gaps and provide solutions.
• Ensure coordination with other IT security or other actors in the region or globally.
• Assist in Risk Treatment for any WM issue, based on the processes.
• Identify IT security risks in advance, record and follow-up on them.
• Define and contribute to processes from a cybersecurity perspective.
• Periodic reporting of security status to WM IT Domain Head and security champion.
• Ensure regular reporting for management follow-up.
• Handle Cyber alerts & Incident by investigating and following up with handlers until the issue is closed.
• Ensure onboarding of the Assets & Applications in SIEM and handling BAU, create/update relevant documents.
• Ensure the effectiveness and success of the vulnerability management process.
• Ensure the compliance level of the production environment and integrate it into reporting.

Profile

Technical Skills:

• Application Security
• IT Security Compliance
• Cyber Security Incident Management
• Vulnerability Management

Language Skills:

• French – Notions

Soft Skills:

• Ability to deliver / Results driven
• Ability to synthesize
• Communication
• Data Analytic
• Knowledge of Bank Sector

Presentation of the group

Consort Portugal, set up in 2021 to meet the challenges of offshoring, is now focusing on digital services for local companies:

• Support the offshoring strategies of the Group’s customers, particularly in Europe;
• Offer Portuguese economic players the expertise of its 2 communities: Consortis, leader in managed infrastructure services, and Consortia, expert in Data, Digital Development, and Media Engineering.

Consort Portugal’s culture encourages autonomy and individual responsibility. In-house training and support from the management team, and the commitment of each individual, contribute to a high level of technical skills and quality services.

Consort Portugal implements the Group’s HR policies, mobilizing its energies to promote individual well-being and inclusion.