SME - IT security

Job Summary

The Secure by design Information Security Engineer is a specialist role reporting directly in to the IT security team under secure by design function and works with the cross tribe projects for implementing secure by design

Key Responsibilities

• What are you going to do?
• Support with proposing information security requirements to ensure solutions developed are secure and meet all internal standards and regulatory requirements.
• Advise engineering, development and other security teams to ensure the solutions developed are secured by design.
• Ensure appropriate testing and assurance activities are completed by working with the relevant teams.
• Maintain, monitor and identity Information security related issues and findings within the Tribe.
• Promote responsible security behaviour within the Tribe by conducting training sessions on security best practices for engineering community.
• Develop and distribute documentation and guidelines for Software development security practices.
• Ensure all the security controls implementation is meeting with industry & ING standards and inline with ING Compliance & risk frameworks.
• Own the security exposure risk management ,driving actions to closure and be able to work indepdently with minimal guidance

Skill Requirements

• Broad technical security experience, ideally with deep subject matter expertise & hands on experience in at least one domain e.g. Cryptography implementation ,security monitoring, network security,identity access management etc.
• Exceptional problem-solving and analytical skills to identify and resolve security issues effectively • Experience in identifying technological risks and working with stakeholders to manage these risks.
• Experience with Dev Sec Ops and Secure by Design methodologies .
• The ability to prioritize and delegate to achieve exceptional outcomes.
• Strong negotiation and influencing skills with a passion for solving complex ambiguous problems.
• Prior experience in Offensive security activities such as Pentesting, Threat Modelling, Vulnerability assessment, web application testing is beneficial. Ability to acquire technical understanding of the IT environment, including its architectural direction in context of risk management, in order to be able, provide relevant security advice.

Other Requirements

Relevant certification such as OSCP ,CISM, CISSP is preferred. Knowledge of architectural principles, frameworks (TOGAF), MITRE Attack Framework design patterns and industry best practices for design and development – incl Agile delivery models

The role is expected to participate and influence Security activities within the Delivery Tribe’s portfolio to ultimately improve the security footprint and overall posture within the businesses.\\r\\n\\r\\n Ethics: Balanced Decision Making and Objectivity\\r\\n High Integrity & Professional Scepticism\\r\\n Self Direction, Self Confidence, Ability to work under pressure, Natural inquisitiveness, Service Orientation.\\r\\n\\r\\n Ability sense political relations and navigate (informal) power structures.\\r\\n\\r\\n Ability to recognize and respond to diverse thinking styles, learning styles and cultural qualities.\\r\\n Proactive Regulatory Compliance, ING Minimum Standards, ING Security Standards, \\r\\nand ability to translate abstraction to clear, understandable actions.\\r\\n