Our client is urgently looking for an Application Security Assessor.
As a Specialist in Application Security you are part of the IT Application Security team in and work together with about 18 of your colleagues in IT security. You will be responsible for conducting detailed security assessments, mainly on new and existing applications and IT services, for assisting and advising projects on security-related questions, and for helping drive the security improvements for You will be interacting with stakeholders at different levels in IT, but also within sectors. SAP technology plays a key role in the security assessments. Experience with the security of a wide range of SAP applications is a must in this role.
• The security finding register contains all TVA findings and risks that are reported within IT Security, and is used to follow up on actions and register progress.
• Assessing existing or new IT services (on premise or cloud) on technical vulnerabilities and weaknesses based on process and tooling;
• Assessing systems to be implemented or actual implementations based on assessments of high and low level designs, interviews and/or testing;
• Advise on security improvements and additional controls;
• Translating assessment results into an Information Security Specification (Security plan for service);
• Communicate observations to the relevant stakeholders, advise on mitigation and follow up on actions.
As an application security specialist you will be responsible for:
• Improving and maintaining an Application Security Register;
• Managing and following up on security assessment findings;
• Keeping track of follow-up actions and delivering management reporting;
• Performing project intake assessments in cooperation with the Project Security Officer;
• Representing, on occasion, IT security in IT project and intake boards where required;
• Assessing IT security exception requests on validity and providing advice to the team lead application security and business stakeholders for acceptance or rejection, including advice on additional security controls;
• Assessing applications and systems to be implemented or actual implementations based on assessments of high and low level designs, interviews and/or testing;
• Translating assessment results into an Information Security Specification (Security plan for service);
• Communicating observations to the relevant stakeholders, advising on mitigation and following up on actions;
• Performing detailed security assessments on applications and IT services;
• Adding information to the different security registers from Business Impact Assessments (BIAs), IT Security Assessments (ITSAs), penetration/security tests, vulnerability scans, exceptions and other sources;
• Reporting on progress and delivering management reports;
• Improving procedures to keep the security registers, application registers and assessment processes up to date;
• Advising on security improvements and additional controls;
• Assessing IT security exception requests;
• Updating and maintaining security baselines and standards;
• Assisting IT Security risk management.
• Minimum 6+ years of professional experience with a focus on IT applications / information security, risk and compliance;
• Good working knowledge of Office suite applications such as Excel and SharePoint;
• Excellent verbal and written communication skills;
• Highly motivated, with a strong work ethic and able to work effectively under minimal supervision;
• Academic qualifications are an advantage, but not a substitute for professional experience;
• Valid industry certifications such as the Certified Information Systems Security Professional (CISSP/CISM/CISA) are a plus;
• Experience in executing Threat and Vulnerability Analysis (TVA) or IT security risk assessments on IT services and applications;
• Experience with a wide range of SAP applications is a plus (no authorization management);
• Experience with cloud security and 3rd party management;
• Experience in collecting information through research and interviews;
• Excellent English communication and presentation skills. Command of the Dutch language is a plus;
• CCSP or equivalent is a plus;
• Security/Technical/IT/informatics background, bachelor's degree (or equivalent experience);
• Deep knowledge of current security technologies and governance processes;
• IT audit experience is a plus;
• In-depth working knowledge of IT risk / security frameworks and best practices, e.g.:
• NIST Cyber Security Framework
• ISF Standard of Good Practice for Information Security
• NIST SP 800-30 framework
• ISO 27001/2 framework
• Knowledge of security in Agile is a plus