Job description:

We are looking for a candidate with at least 5 years of experience in Application Security and Cyber Security Incident Management. The candidate will participate in IT project security reviews conducted on a global basis across all platforms.

This requires the incumbent to foster close working relationships with other business areas and IT Development / Production teams. The consultant will work hand in hand with the IT Dev and Prod teams and the business, as an enabler and a facilitator. The candidate will be a member of the WM IT Security Operations team and will report hierarchically to the WM CISO EMEA and functionally to the Head of WM IT Security Operations.

She/he will work with various stakeholders located in Singapore, Chennai, Switzerland and Paris.

Certification (not mandatory but strongly recommended): CISM, CCSP, CSK, CEH, CISSP.

Main Tasks:

APPLICATION SECURITY

- Ensure the effective implementation of Secure SDL, including the DevSecOps and threat modelling practices.
- Identify and implement the latest security standards for internet-facing and internal assets.
- Improve Vulnerability Management at the application level in terms of efficiency as well as effectiveness (including Static Acceptance Security Testing – SAST, Dynamic Acceptance Security Testing – DAST and Software Composition Analysis – SCA).
- Perform security risk assessments and reviews to be presented to the respective committees.
- Ensure an adequate security level for all WM GAIM applications, whatever the IT project manager's location and hosting provider.
- Ensure alignment with the Group and WM GAIM security policies, for both project and production assets.
- Ensure the protection of WM business data with an adequate security level of WM assets, based on project assessment and production review processes.
- Ensure compliance with regulatory bodies' requirements, including for APAC (HKMA, MAS, FSC), EU (DORA) and Switzerland (FINMA).
- Leveraging deep knowledge of security standards such as NIST, CIS and ISO2700x, ensure compliance with the IT security requirements.
- Ensure compliance regarding third-party technology risks and cloud security.
- Identify process gaps and provide solutions.

CYBER SECURITY

- Ensure coordination with other IT security teams or other actors in the region or globally.
- Assist with risk treatment for any WM issue, based on the processes.
- Identify IT security risks in advance, record them and follow up on them.
- Define and contribute to processes from a cybersecurity perspective.
- Report periodically on security status to the WM IT Domain Head and security champion.
- Ensure regular reporting for management follow-up.
- Handle cyber alerts and incidents by investigating and following up with handlers until the issue is closed.
- Onboard assets and applications in the SIEM, handle BAU, and create / update relevant documents.