Job Title: Cyber Security Expert
Decskill is seeking a highly skilled Cyber Security Expert to join their team. As a key member of the organization, this individual will play a crucial role in ensuring the security and integrity of our systems and data.
Responsibilities:
* Application Security: Ensure the effective implementation of Secure SDL including DevSecOps and Threat modelling practices;
* Identify and implement the latest security standards for internet-facing and internal assets;
* Improve Vulnerability Management at the application level in terms of efficiency as well as effectiveness (including Static Acceptance Security Testing – SAST, Dynamic Acceptance Security Testing – DAST and Software Composition Analysis – SCA);
* Perform Security risk assessments and reviews to be presented to respective committees;
* Ensure the adequate security level for all Wealth Management GAIM applications, whatever the IT project manager's location and hosting provider.
Security Compliance:
* Ensure alignment with Group and Wealth Management GAIM security policies, for both project and production assets;
* Ensure protection of Wealth Management business data with an adequate security level of Wealth Management assets, based on project assessment and production review processes;
* Ensure compliance with regulatory bodies requirements, including for APAC (HKMA, MAS, FSC), EU (DORA), Switzerland (FINMA);
* Leveraging on a deep knowledge of Security standards such as NIST, CIS, ISO2700x, ensure compliance with the IT security requirements;
* Ensure compliance with Third-party Technology risks and Cloud security;
* Identify process gaps and provide solutions.
Cybersecurity:
* Ensure coordination with other IT security or other actors in the region or globally;
* Assist for a Risk Treatment for any Wealth Management issue, based on the processes;
* Identify IT security risks in advance, record and follow-up them;
* Define and contribute to processes from cybersecurity perspective;
* Periodic reporting of security status to Wealth Management IT Domain Head and security champion;
* Ensure regular reporting for management follow-up;
* Handle Cyber alerts & Incident by investigating and following with handlers until the issue is closed;
* Ensure to onboard Assets & Applications in SIEM and handling BAU, create / update relevant documents.
Production Security:
* Ensure effectiveness and success of vulnerability management process;
* Ensure compliance level of the production environment and integrate to reporting.
Requirements:
* Required Skills and Qualifications: Application Security, IT Security Compliance, Cyber Security Incident Management, Vulnerability Management;
* Language Skills: English (mandatory), French appreciated.
We are committed to equality and non-discrimination with all our talents. We recruit and promote talent, based on diversity and inclusion, regardless of age, gender, ethnicity, race, nationality or any other form of discrimination incompatible with the dignity of the human being.