Senior Security Consultant (Security By Design)

Company:

Sopra Steria is a listed European tech leader specializes in Consulting, Digital Service, and Software. We have 50,000 employees worldwide located in different regions (Europe, North America and Asia), whereby Singapore is the HQ for APAC. EvaGroup Asia Pacific is part of Sopra Steria, in charge of Infrastructure, Cloud and Cybersecurity services in APAC.

Context:

You will be part of a new Security By Design (SBD) APAC team to support all ongoing and new projects with a SBD approach. This is based on “Project Identification, Assessment and Prioritization’ and a Method has been created to support the deliverable.

The main responsibilities of the SBD APAC team:

• Point of Contact for ongoing and new projects
• Review and assess architecture and documentation for the projects in scope in regards with the SBD
• Recommend mitigation/correction actions
• Report to APAC Security stakeholders on the SBD activity
• Write deliverable on existing projects/applications, in line with the Portfolio Cyber Architect
• Provide insights about regular findings

Requirements

Responsibilities:

• Assessment of the Security by Design Methodology against any new projects

• Deliver a risk assessment of each new project in accordance with Cyber criticality
• Submit it for Security Business Partner’s review and validation
• List and plan security activities and deliverables
• Select the Project Security Baseline
• Propose, in coordination with the Central Security by design team, a remediation plan for identified risks and vulnerabilities
• Develop Key Metrics that will show the maturity of each system for security based on the risk assessment and work packages.
• Align with the Security By Design Teams to maximize on global standards and capabilities
• To ensure a repeatable process is in ‘run-mode’
• Weekly/Monthly Meetings with different stakeholders from local/regional to global teams
• Monthly KPI Dashboard of Risk Status for Each new Project
• Deliver Risk Plans to IM Risk Manager on a Monthly Basis
• Align to Security by Design Teams in Europe on a Monthly basis

Competencies:

• Good working knowledge of security risk management, security governance framework and compliance (IT Security Audit / log review), technical vulnerability management (Vulnerability Assessment, Penetration testing), application security, security technologies (system hardening, IDS/IPS, firewall), security incident response and security assessment.
• Proficiency in written and spoken English is a must
• Autonomous, with the ability to drive and lead
• Excellent writing and communication skills to negotiate and provide solutions
• Proven stakeholder and inter-personal management skills

Qualifications:

• Bachelor’s degree or master degree in Information Security System, Computer Science, or relevant IT experience
• Preferably with minimum 10 years' experience in cyber security role, with relevant experience in Security Audits, Security Assessment and/or Compliance
• Possess one of more professional credentials: CISSP, CRISC, CISM, CISA, SSCP, CEH, ISO 27001 or equivalent

Benefits

• Regular team buildings
• 18 leave days / Year
• Health Insurance: GP, Life Insurance, Dental Insurance and Optical insurance
• Annual bonus
• Working hours: from 9am to 6pm, Monday to Friday
• E-learning and certifications paths