Tech People Hungary Ltd. is a Technical Skills recruitment consultancy based in Budapest and Warsaw, primarily sourcing professionals for ICT, Finance, Engineering and Logistics related positions. We are now searching for a candidate for the following position:
Security Analyst - System Development Lifecycle (E-C16)
The ICG Technology Risk & Controls Team is responsible for managing risk and providing controls and compliance guidance and support to Technology Development Units by ensuring compliance with standards, policies, and procedures, liaising with corporate IS, and driving the secure SDLC (System Development Lifecycle) initiative for the ICG sector. The team needs to expand its capability to address the increasing number of vulnerabilities and security issues found in production application environments. The SDLC-SA will have strong technical acumen and should establish relationships with application managers, domain architects, project managers, corporate IS and other disciplines. The SDLC-SA will be a focal point for ensuring that there is a strong Information Security environment and that applications, or systems, deployed in support of a business provide a level of protection appropriate to the class of information managed in those systems.
• Facilitate departmental compliance with all Information Security policies, standards and regulations as part of SDLC.
• Conduct Application Security Assessments and (ISRP) on new and existing, vendor and in-house applications.
• Help the S-SDLC program lead to manage the Secure SDLC program for ICG; drive execution of directives as mandated by the Global IS Organization.
• Liaise with Business Information Security Officers and the application development community to assist in identifying and reducing IS risk within applications to acceptable levels.
• Assist in the development, documentation and communication of Secure SDLC standards as well as related ICG policies and standards.
• Assist in the delivery of key IT Risk Management program deliverables.
• Engender a culture of secure coding practices as part of the SDLC process.
• Act as a subject matter expert on all aspects of Application Information Security to completion.
Reporting and Governance Responsibilities
• Compile data and prepare application IS risk reports for management
• Analysis and identification of potential non-compliance issues
• Lead and/or contribute to ad-hoc requests and projects as required
• Act as subject matter expert on Application Information Security topics during Audit meetings
• Identify opportunities for process improvement
• Facilitate compliance to defined standards and develop tools to assist compliance
• Alignment of processes across regions and globally, where possible
• Participation in Corporate and ICG-level working groups
• Higher degree
• 5-7 years of Information Technology experience.
• 2-4 years of Application Security review experience.
• Professional certifications, such as CISSP and CSSLP, or willingness to obtain certification within 12-18 months of start date
• Good understanding of Authentication, Authorization and Auditing requirements for applications.
• Knowledge of Information Security, IT Risk and Controls.
• Working knowledge of encryption technologies and OWASP Guidelines for Application Security.
• Working knowledge of application security, secure coding, and development tools and practices, with expertise in one or more of the following areas: authentication and encryption solutions, web application security, mobile technologies, application architecture reviews.
Language requirements (including proficiency levels for speaking, reading, and writing):
Strong communication skills in English with regard to speaking, reading, writing and presenting.
Location: Budapest, travelling 10% of the time
Working hours: normal business hours
Job opportunity: employee position
If you are interested, please register online. You can call: +36-30-730-2549