Overview You’ll be joining the Secure Development Lifecycle (SDLC) and Frictionless Transformation team in CSO. The team purpose is to drive the design and integration of security services to address the needs and wants of our customers. We ensure that security is embedded in our products and services done as early as possible in the development lifecycle. This in alignment with TDI’s strategy and the security risk and regulatory requirements.We contribute to, and operate within, a cyber-security governance framework to ensure consistency in governing relationships and leveraging cross function knowledge and strategy within the organization.We ensure security compliance in DB software delivery by coordinating and verifying the CSO- SDLC-Governance controlsTo foster path to production and the seamless customer experience we drive our Frictionless Security Program what is about making security that is easy to use.The candidate will support the team’s role as key contact for the SDLC Controls and by ensuring security compliance and automation in the SDLC Governance process.You’ will work with all of Chief Information Security Office (CSO) as well as with the business aligned technology functions in group CIO.Key Responsibilities:Representing all CSO SDLC G controls at the SDLC Governance Forum and Operational Readiness Review (ORR) BoardMaintaining relationship with our CSO control owner to ensure consistency and updates for the implementation of agreed security related solutions (e.g.: Application Penetration Testing (APT), Application Code Scanning (ACS & VAST), Identity and Access) in the SDLC process.Ensuring verifications of the SDLC Governance (SDLC G) Controls are done on a daily basis and in an accurate and timely manner.Implement and maintain automation for the CSO SDLC G controls to reduce all manual verification stepsEngaging with application development teams globallySupporting the production of accurate monthly reporting with key metrics and measures as well as timely, risk focused management information (MI) and reporting for Security Management, Business units and Application teamsSupporting, as appropriate, group wide security and information risk management initiativesSupport change initiatives like cloud with regard to the SDLC and CSO control solutions and verificationsExperience and SkillsExperience in Information Security TechnologyExperience in developing softwareExperience in Secure Development Lifecycle (SDLC) exposure would be appreciatedExcellent communications skillsVery service oriented and customer friendly behavior even in stressful situationThe ability to manage challenging relationshipsCritical Thinking - using logic and reasoning to identify the strengths and weaknesses of alternative solutions, conclusions or approaches to problemsFluent in English (written/verbal)PreferableFamiliarity with Secure SDLC tools e.g. Veracode, SonarQube, SonarlintFirm understanding of DevSecOps and the banks shift left agenda ITAO certificated Our values define the working environment we strive to create – diverse, supportive and welcoming of different views. We embrace a culture reflecting a variety of perspectives, insights and backgrounds to drive innovation. We build talented and diverse teams to drive business results and encourage our people to develop to their full potential. Talk to us about flexible work arrangements and other initiatives we offer.We promote good working relationships and encourage high standards of conduct and work performance. We welcome applications from talented people from all cultures, countries, races, genders, sexual orientations, disabilities, beliefs and generations and are committed to providing a working environment free from harassment, discrimination and retaliation.
Secure Development Lifecycle Specialist in Bucuresti
Datele de contact vor fi vizibile dupa ce veti aplica!