IT Security & Risk Manager
Oliver Wyman
Warsaw, Poland
5 days ago

Job overview

As a trusted member of the Information Technology Services team, the ITS Agile Application Security Manager will provide leadership for the overall Application Security framework and associated technical resources who are responsible for leading the development, implementation and maintenance of the Application Security program across all development teams.

In addition, this role will develop strategic partnerships with key stakeholders for the department built on trust, expertise, integrity and a shared mutual interest to protect Oliver Wyman Group - our clients, our reputation and our assets.

Key roles and responsibilities

  • Designs, develops, operates and manages security strategies, policies and programs to assess, prioritize, and mitigate business risk with technical and non-technical controls
  • Responsible for embedding security early into the software development lifecycle through the delivery of secure development training and the incorporation of static code analysis and dynamic application security testing within the continuous integration / continuous deployment pipeline
  • Designs and performs security assessments of systems to ensure they are operating securely, and that data is protected from both internal and external attacks.
  • Ensures compliance with policies and procedures. Makes recommendations for preventive measures as necessary
  • Manages the application vulnerability management process that ensures regular security testing of applications to identify network, infrastructure, and configuration vulnerabilities, and consistently tracks remediation of identified vulnerabilities
  • Collaborates with development teams to identify and develop security champions and to certify non-security professionals on security concepts, embedding application security expertise and advocacy within existing software development and quality assurance teams
  • Provides support to strategic initiatives, programs, and projects by identifying information security risks, collaborating with project teams on determining and implementing mitigating controls, and tracking timely remediation of issues
  • Provides oversight, coordination and management of Security & Risk projects
  • Provides security consulting and subject matter expertise in the evaluation, selection and implementation of new IT systems from a risk, compliance and information security controls perspective
  • Supports the Director of ITS Security & Risk in improving overall service and solutions across the firm

Skills and credentials

  • Excellent follow-up skills with attention to detail and ability to multi-task, leadership presence, strong team orientation and interpersonal skills, flexibility, and strong analytical skills
  • Certification in one or more of the following is a plus: Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Certified Secure Software Lifecycle Professional (CSSLP) or other equivalent certifications
  • Track record of interfacing with and presenting results to senior management
  • Possesses a comprehensive understanding of how risk management processes and other IT functions collectively integrate to contribute towards achieving business objectives
  • Project management experience with a proven track record for managing security projects
  • Excellent written and verbal communication skills
  • Excellent planning and organizational skills
  • Excellent customer and client service orientation
  • Polished and professional demeanor
  • Occasional travel to other offices and firm events

Experience required

  • We're looking for someone who has application development experience combined with an understanding, implementation and automation of Information Security and Secure Coding principles.
  • Minimum of 5 years of experience in Information Security with proven experience managing and implementing information security solutions
  • Bachelor's degree in Computer Science is required

To apply, please send us your CV in English.
