Senior infosec engineer assessments

  • Whitecrow
  • Krakow
  • Webbtree.com

Job description:

About our client:

Our client is a trailblazing pioneer in the Tobacco Manufacturing Industry. What sets them apart is their unwavering commitment to innovation and progress. They have embarked on a remarkable journey of transformation, with a resolute aim to create a smoke-free future. This ambitious endeavour has completely redefined every aspect of their business, from the production and distribution of their products, to how they interact with their customers and society as a whole.

By embracing this transformation, our client is leading from the front, with their pioneering vision and steadfast determination to create a smoke-free future.

With a workforce of more than 75,000 talented individuals worldwide across 180 countries, they have truly established themselves as a global leader in the industry.

Role Description:

Running at the forefront of our client's Digital Transformation, Information Security offers guidance, solutions and advisory all across their business, supporting their secure journey towards a smoke-free future. Their scope ranges from security assessments, architecture, governance and risk advisory, through resilience, cyber threat intelligence and incident response, to supporting our client's Functions, Markets, and Platforms (e.g. Finance, People & Culture, Operations, Consumer or Product) and building an organizational security culture.

Responsibilities:

  • Identify cybersecurity gaps in our client's applications and systems using a wide variety of methods, e.g. threat modeling, architecture reviews, access model reviews, configuration reviews, static and dynamic application security testing.
  • Evaluate the security posture of third-party solutions using TPCRM methodologies with a cybersecurity focus.
  • Analyze the scope, methodology and results of cybersecurity activities (e.g. ethical hacking) performed by third parties around the presence of vulnerabilities in systems used or to be used by our client.
  • Follow up with third parties on any inconsistency and ambiguity in the reports to have a reasonable level of assurance over security testing deliverables provided by vendors.
  • Describe and demonstrate identified issues in various forms (e.g. reports, technical debt definitions) and ensure that relevant collaborators understand the risk that those vulnerabilities pose to the Company.
  • Advise IT teams on how to replicate identified cybersecurity issues and remediate them in the most effective and cost-efficient way.
  • Partner with other Information Security leaders to ensure that our client follows standard processes in the application security testing domain by continuously optimizing tools, techniques and methodologies.
  • Keep up to date with the constantly evolving cyber threat landscape and the latest developments in IT risk management and contribute to our client's security standards.

Requirements:

  • Proven experience, preferably in a large organization or consulting companies, in at least one of the areas:
      • IT assurance: IT security, IT risk management, IT audit, IT controls
      • Offensive security: ethical hacking, penetration testing, vulnerability assessment, red teaming
      • Secure software development: S-SDLC, DevSecOps
  • Professional certifications in at least two of the following domains:
      • IT systems security and auditing (e.g. CISA, CISSP, CRISC, CISM)
      • Cloud technologies (e.g. AWS, Azure, Salesforce)
      • Ethical hacking (e.g. OSCP, GIAC Penetration Tester, CEH)
  • Proven track record in performing IT security assessments or IT audits for large-scale solutions.
  • Good knowledge of typical application design patterns and their attack vectors (e.g. web, mobile, thick client, etc.).
  • Strong understanding of modern application architectures including microservices, containers, APIs, serverless technologies and cloud environments.
  • Knowledge of basic identity and access management concepts (e.g. single sign-on, identity federation) and standards (e.g. SAML, OAuth 2.0, OpenID).
  • Sound knowledge of impact and remediation techniques for vulnerabilities from and outside of OWASP Top 10.
  • Considerable technical writing proficiency and oral presentation skills.