Job Mission:
You will be responsible for conducting detailed and in-depth security assessments of both new and existing data-centric applications, assisting and advising (big) data-related projects on security-related questions, and helping drive security improvements. You will be interacting with stakeholders on different levels in IT, but also within different sectors.
In this role you will also participate in PI events and be involved, as a Subject Matter Expert (SME), in the Agile Release Trains (ARTs).
The role contributes to the protection of information, Intellectual Property (IP) and assets, and that of the customers and suppliers, for the scope of the projected solution. This includes aligning the solution with Information Security strategies and security policies/standards/guidelines and, where necessary, suggesting additions and improvements to standards.
Job Description:
As a Big Data Security Specialist you will be responsible for:
- Performing project intake assessments in cooperation with the Project Security Officer;
- Assessing applications and systems to be implemented, or actual implementations, based on assessments of high- and low-level designs, interviews and/or testing;
- Assessing existing or new IT services (on premise or cloud) for technical vulnerabilities and weaknesses based on process and tooling;
- Translating assessment results into an Information Security Specification (security plan for service);
- Communicating observations to the relevant stakeholders, advising on mitigation and following up on actions;
- Adding information to the different security registers from Business Impact Assessments (BIAs), IT Security Assessments (ITSAs), penetration/security tests, vulnerability scans, exceptions and other sources;
- Adding information to the security finding register, which contains all security assessment findings and risks that are reported within the TSCC, and is used to follow up on security assessment findings;
- Assuring and monitoring the effectiveness of our application security controls;
- Keeping track of follow-up actions and delivering management reporting;
- Representing, on occasion, the TSCC in IT projects and intake boards where required;
- Assessing IT security exception requests for validity and providing advice to the team lead application security and business stakeholder for acceptance or rejection, including advice on additional security controls;
- Improving procedures to keep the security registers, application registers and assessment processes up to date;
- Giving advice on security improvements and additional controls;
- Updating and maintaining security baselines and standards;
- Training and coaching DevOps teams on security aspects, standards and security solutions in CI/CD.
Experience:
One or more of the following valid certifications is a plus:
- CISA, CISSP, CCSP, ISO27001/27002, CKS, CDP/CDE
- Azure or Google Security, Data engineering or Data Science-related certifications
- SAFe certifications.
- Security/Technical/IT/informatics/Data Science background: bachelor’s or master’s degree (or equivalent experience);
- At least 6 years of professional experience with a focus on IT applications / information security, risk and compliance;
- Experience in executing Threat and Vulnerability Analysis (TVA) or IT Security risk assessments on IT services and data-centric applications;
- Securing data-centric or analytical platforms and applications.
- Securing data ingestion and processing pipelines (on premise, hybrid or cloud);
- Knowledge and/or hands-on experience with common (big) data environments and languages, such as Data Lakes, Big Data Storage and Computing, Hadoop, Spark, Python, Analytics Reporting Tooling;
- Security on a wide range of SAP (HANA) applications is a plus in this role;
- Experience with Scaled Agile Framework (SAFe) is a plus;
- Experience with (Cloud) Security Architecture is a plus;
- DevSecOps: securing container environments and CI/CD pipelines (preferably through automation);
- Hands-on experience in security assessments and risk assessment of one or more of the following security domains:
  - Storage
  - Encryption
  - Connectivity/Network
  - Access/IAM
  - Operations (e.g. hardening, patching)
- In-depth working knowledge of IT risk / security frameworks and best practices, such as NIST, ISF or the ISO 27001/2/3/4 framework;
- Advising management stakeholders on security maturity and influencing decision-making.
Personal Skills:
- Able to operate independently/with minimal supervision, self-starter;
- Comfortable in starting up a number of projects at the same time, but also taking responsibility for finishing tasks;
- Ability to interact with all levels including users, engineers, executives and senior managers;
- Analytical, precise, tenacious, autonomous;
- Knowledge of IT-security, Information Security and Architecture methodology;
- Ability to overcome organizational resistance;
- Excellent organizational skills and the ability to prioritize multiple tasks and assignments;
- Able to manage large amounts of new information quickly, grasp the deep technical characteristics of new environments, draft clear and concise visualizations of complex processes and environments, and stand your ground in a flexible / changing environment.
Contact
- 1 of 4: Fill in your details. Use the button below to leave your details and upload your CV.
- 2 of 4: We contact you. In a first introductory conversation we discuss your wishes, ambitions and motivations.
- 3 of 4: Personal interview. We introduce you to the client, and you are invited for a personal interview.
- 4 of 4: Contract discussions. If there is a match, we go through all the details together with you and the client.