Application Security Assessor (SAP Technology) (466694)

Location: Veldhoven
Start date: 01/05/2020
End date: 31/07/2020
Hours: 40
Client: ATOS Nederland BV
Request number: SRQ139808

No freelancers (ZZP)
This is a must: You are in possession of a valid work permit for The Netherlands.

For our end client, we are looking for an Application Security Assessor (SAP Technology).

Job Mission
As an application security specialist, you will be responsible for:
• Improving and maintaining an Application Security Register, managing and following up on security assessment findings;
• Keep track of follow up actions and deliver management reporting;
• Perform project intake assessments in cooperation with the Project Security officer;
• Represent, on occasion, IT security in IT project and intake boards where required;
• Assess IT security exception requests on validity and provide advice to the team lead application security and business stakeholder for acceptance or rejection including advice on additional security controls;
• Assessing applications and systems to be implemented or actual implementations based on assessments of high and low level designs, interviews and/or testing;
• Translating assessment results into an Information Security Specification (Security plan for service);
• Communicate observations to the relevant stakeholders, advise on mitigation and follow up on actions;
• Performing detailed security assessments on applications and IT services;
• Adding information to the different Security registers from Business impact assessments (BIA’s), IT Security Assessments (ITSA’s), penetration/security tests, vulnerability scans, exceptions and other sources;
• Report on progress and deliver management reports;
• Improve procedures to keep the security registers, application registers and assessment processes up to date;
• Advise on security improvements and additional controls;
• Assess IT security exception requests;
• Update and maintain security baselines and standards;
• Assist IT Security risk management

Education
• Academic qualifications are an advantage, but not a substitute for professional experience;
• Valid industry certifications such as the Certified Information Systems Security Professional (CISSP/CISM/CISA) are a plus;
• CCSP or equivalent is a plus
• Security/Technical/IT/informatics background bachelor’s degree (or equivalent experience)
• Deep knowledge of current security technologies and governance processes
• IT audit experience is a plus
• In-depth working knowledge of IT Risk / security frameworks and best practices, e.g.:
• NIST Cyber Security Framework
• ISF Standard of Good Practice for Information Security
• NIST SP 800-30 framework
• ISO 27001/2 framework
• Knowledge of security in Agile is a plus

Experience
• Min 6+ years professional experience with a focus on IT applications / information security, risk and compliance;
• Experience in executing Threat and Vulnerability Analysis (TVA) or IT security risk assessments on IT services and applications; SAP technology plays a key role in the security assessments. Experience with the security of a wide range of SAP applications is a must in this role (no authorization management);
• Experience with Cloud security and 3rd party management;
• Experience in collecting information through research and interviews;
• Excellent English communication and presentation skills. Command of the Dutch language is a plus;
• Good working knowledge of Office suite applications like Excel and SharePoint;
• Excellent verbal and written communication skills;
• Highly motivated, with a strong work ethic and able to work effectively under minimal supervision

Personal skills
• Able to operate independently, self-starter
• Ability to interact with all levels including users, engineers, executives and senior managers
• Deep technical knowledge of IT-security and Information Security and Architecture methodology.
• Ability to overcome organizational resistance
• Excellent organizational skills and the ability to prioritize multiple tasks, projects and assignments
• Analytical, precise, tenacious, autonomous
• Able to digest large amounts of new information quickly, and derive key security requirements
• Able to grasp the deep technical characteristics of new environments quickly
• Able to draft clear and concise visualizations of complex environments
• Able to fairly represent conflicting stakeholder needs to enable informed decision-making
• Able to stand your ground in a flexible / changing environment
• Able to work with rapidly changing demands

Hiringdesk ATOS Nederland

06/04/2020