Functie / Function:
Your role and work environment
The Global Engineering Platform provides an integrated and compliant Engineering journey for engineers globally. You’re responsible for delivering security & risk solution in the CI/CD pipeline. You’re familiar with market standards with regards to CI/CD tooling and are know the latest market development with regards to IT Risk (Controls)
The purpose of Global Engineering Platform is to enable the company to be within its IT Risk Appetite and to reduce the cost of compliance for the company and each individual DevOps teams by providing solutions for entity wide IT Risk controls. They assist their Engineers Globally in being successful by providing them a compliant CI/CD pipeline on which they can rely on for the bulk of the IT Risk and IT Security Controls. You as an IT Security Engineer are vital to fulfil this purpose as IT Risk and IT Security is part of your DNA.
Your key responsibilities
Together with the people in your squad, you are responsible for implementing IT Risk & Security capabilities in the CI/CD Pipeline and leading the organisation with regards to IT Risk. You’re familiar with the market standards.
Your main focus will be on the following IT Risk and Security capabilities:
- Drive Risk Control Implementation on all 7 Risk Pillars
- Automate and simplify Security & Risk Controls
- Designing technical Security Solutions
- Lifecycle management of the Risk Controls and the corresponding designs/solutions
- IT & Sec Risk Assessment
- Key Control Testing
- Evidence Gathering and Reporting
- Manage Third Party & Cloud Security
- Vulnerability and Patch Management
- Security Monitoring & Alert Handling
- Ability to discuss solutions in depth with 2nd and 3rd line to adhere to the Control Objectives
Gewenst / Desirable:
We are looking for:
You are an energetic and proactive IT Engineer with a passion for the securing Tech environments and a positive, “Do it-Try it-Fix it” mentality. You know how to code and have extensive experience with CI/CD. You are a natural team player who forms relationships based on social skills rather than hierarchical structure. Enhancing the IT Risk and Security controls and ultimately make the company be within IT Risk appetite while reducing the costs of compliance, is a challenge to you. Close cooperation with and between the DevOps teams, Infra, 2nd and 3rd line is your greatest achievement.
You have a broad understanding of both technical and code competences with which you feel comfortable with all Global Engineering Platform services and know your way around the Tech squads and the 2nd and 3rd line globally. You continuously strive to develop both yourself and your colleagues in the IT Risk & Security mind-set.
You are an ambassador for IT Risk & Security around the Globe. This role requires emphasis on the following:
- You have excellent problem-solving skills and are passionate about IT Security.
- You are inspiring and show energy and passion.
- You are capable of implementing one way of working regarding the implementation of IT Security & IT Risk controls across the company
- You have a good feel on how everything works in an international organisation and you understand the underlying spheres of influence.
- You are focused on cross border and multi-party collaboration: you set aside your own 'ego' in the interests of achieving the best results - you help others to be successful.
- You are able to design and implement technical Security solutions
- You are have a proven track record in the usage of CI/CD Cloud solutions
Education and background
- A personality and the capabilities to optimally function within an Agile environment
- Experience in guiding and realising change
- Experience/affinity with Tech is a pre
- Professional and intellectual IT skills at bachelor or university level, preferably IT Master
- Extensive experience in both IT Security and IT Risk
- You have a background in IT engineering area, preferably in Agile teams as a DevOps Engineer
- 5+ years’ experience in programming and software development.
- Preferably certified in AZ-400(Azure DevOps) and/or AZ-103(Azure Administrator)
- Strong knowledge and experience in Azure/AWS/Google Cloud.
- Preferably knowledge of Security and Risk Certification and / or proven skills in Security and Risk
- Excellent oral and written command of English