Senior Data, IT Information Security Officer Specialist
Paço de Arcos, PT, 2770-131
Nordea
Nordea is a leading Nordic universal bank – we are a strong and personal financial partner with financial solutions that best meet your needs so you can achieve your goals and realise your dreams.Job ID: 25353
We are looking for a Senior Information Security Specialist to join the Information Security function in Nordea Asset Management. As a Senior Information Security Specialist you will play a vital role in embedding information security practices, controls and culture within Nordea Asset Management as well as determining our exposure to information security risks.
At Nordea Asset Management, we see that the world is changing fast – and we want to be one step ahead of the curve. That’s why we’re deeply committed to providing the financial solutions of tomorrow to our customers. We’re creating an agile environment where we experiment and grow together – and we need your ideas and interesting background. With us, you’ll be in good company with a chance to make your mark on something bigger.
About this opportunity
Welcome to the Information Security Function within Nordea Asset Management. We add value by maintaining appropriate levels of resiliency and security and ensuring that our customers’ data and internal data, our services and underlying infrastructure are protected and resilient.
What you’ll be doing:
As Senior Information Security Specialist, you’ll be responsible for the followings:
Assessment and Assurance
- Provide support for the maintenance of the information security framework.
- Conduct security (risk and control) assessments and advise on necessary improvements to enhance security controls and practices as needed.
- Work with business units and technologists to identify (Information security) risks and support the organisation in implementing security controls to mitigate them.
- Assist in determining exposure to information/cyber security/cloud security risk and resilience risk as well as evaluating readiness to mitigate them effectively.
- Help articulate risk appetite concerning information/cyber security and BCCM.
Advisory and Communication
- Provide guidance to the organisation on information security principles, controls and control design.
- Assist and guide the organisation in the implementation of information security framework and application security principles, including secure coding, threat modelling, and security testing.
- Support remediation activities to ensure that internal audit, legal and regulatory requirements are met.
- Assist the organisation in in integrating security into the various stages of Software Development Lifecycle (SDLC) and DevOps pipelines.
- Ensure that an adequate (as well as business friendly) assurance and reporting framework including evidence, KPIs and KRIs are in place.
Coordination
- Participate in internal and external risk assessments.
- Coordinate information security assessments and mitigating measures with relevant stakeholders IT, Legal, Operations and Privacy stakeholders.
- Collaborate across central and local functions to establish sustainable approaches and forge necessary alignments.
You’ll join a motivated team which is a major contributor to the development of a technology focused Asset Management organisation in the international arena.
The role is based in Oeiras (Portugal).
Who you are
Collaboration. Ownership. Passion. Courage. These are the values that guide us in being at our best – and that we imagine you share with us.
To succeed in this role, we believe that you:
- Have professional communication skills and an ability to effectively create influence with your interactions.
- Are independent, conducting independent assessments, and drafting proposals based on these, while contributing to a great team performance.
- Fluency in English (spoken and written) required, with efficient skills in using Microsoft Office tools.
Your experience and background:
- Bachelor’s degree in a related field.
- Minimum 3 years of experience working with information security and business continuity.
- Experience in information security processes.
- Understanding security pitfalls in both on-premise and cloud software development and how to avoid them.
- Understanding of tools and practices that facilitate DevSecOps approach such as automated security scanning and continuous integration/continuous deployment (CI/CD) security.
- Solid ability to translate complex security and continuity issues into business risks.
- Relevant certifications ( CISM, CISA, CRISC, etc.).
- Thrive in a progressive environment and ability to prioritize and handle multiple tasks.
If this sounds like you, get in touch!
Next steps
Submit your application no later than 31/07/2024.
At Nordea, we know that an inclusive workplace is a sustainable workplace. We deeply believe that our diverse backgrounds, experiences, characteristics and traits make us better at supporting customers and communities. So please come as you are.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Agile Application security CI/CD CISA CISM Cloud CRISC DevOps DevSecOps KPIs Privacy Risk assessment SDLC Security assessment
Perks/benefits: Career development
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Senior Cybersecurity Engineer jobs
- Open Security Operations Engineer jobs
- Open Cloud Security Architect jobs
- Open Information Security Officer jobs
- Open Principal Security Engineer jobs
- Open Information Security Specialist jobs
- Open Senior Cyber Security Engineer jobs
- Open Chief Information Security Officer jobs
- Open IT Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Senior Product Security Engineer jobs
- Open Senior Penetration Tester jobs
- Open Cyber Security Specialist jobs
- Open Senior Network Security Engineer jobs
- Open Staff Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Security Specialist jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Security Consultant jobs
- Open IT Security Analyst jobs
- Open Security Operations Analyst jobs
- Open Senior Information Security Analyst jobs
- Open Senior Information Security Engineer jobs
- Open Information System Security Officer (ISSO) jobs
- Open Information Security Architect jobs
- Open Agile-related jobs
- Open Risk assessment-related jobs
- Open CISA-related jobs
- Open Analytics-related jobs
- Open SOC-related jobs
- Open Network security-related jobs
- Open ISO 27001-related jobs
- Open GCP-related jobs
- Open IAM-related jobs
- Open Application security-related jobs
- Open Pentesting-related jobs
- Open Threat intelligence-related jobs
- Open DoD-related jobs
- Open Vulnerability management-related jobs
- Open DevOps-related jobs
- Open CEH-related jobs
- Open Security Clearance-related jobs
- Open APIs-related jobs
- Open Malware-related jobs
- Open SaaS-related jobs
- Open Security assessment-related jobs
- Open Java-related jobs
- Open Kubernetes-related jobs
- Open EDR-related jobs
- Open TS/SCI-related jobs