Digital Workplace Security Specialist
The Digital Workplace Security Specialist will be responsible for the protection of information, Intellectual Property (IP) and assets, and that of customers and suppliers, developed and used by the Agile Teams WX (worXplace) and VWP (virtual worXplace) within the Agile Release Train (ART) Digital Workplace. This by assuring that product and services of the ART Digital Workplace are aligned with and do meet at all times Information Security strategy and security standards/guidelines (“security by design”). This position will continuously help the DevOps teams with identifying risks with existing and new technology and selecting /designing mitigating security controls. Also this position will verify and monitor upon the effectiveness of the implemented security controls of the Digital Workplace product and Services and at request report towards IT security upon the effectiveness of the Security governance with respect of the scope of the ART Digital Workplace. The Digital Workplace Security Specialist is functionally a member of the ART Digital Workplace. For security matters reporting towards the IT security Competence team.
- Be the single point of contact for stakeholders with respect of the Security controls designed and implemented within the governance, products and services of the ART Digital workplace.
- Develop, design and maintain information security / Cyber security controls within the ART Digital Workplace domain to assure information is adequately protected at all times and does meet stakeholders expectations.
- Assist in identifying risks and translate security requirements to security controls which effectively reduce the applicable risks, are easy to implement and can be verified for compliance purposes without human interception (e.g. automated, script based).
- Conduct, in close cooperation with the IT Security Risk Manager, security risk assessments upon new ART Digital Workplace services to be developed and used within infrastructure and design and implement risk reducing measures.
- Work closely with the security specialist for the Digital Workplace Collaboration and Office Productivity teams.
- Assess and support mitigation of non-compliant situations, detected security incidents and/or detected risks associated to products and services of ART Digital workplace to assure a continuously adequate level of security.
- Build excellent working relationships within ART Digital Workplace agile teams and all users, including security officers and developers.
- Design KPI’s and report periodically upon KPI’s with respect of the security of ART Digital Workplace’s product and services.
- Creating security framework of new offerings (like Cloud, PAAS) and aligning with security architecture for which guidelines are not yet available.
- Refining standard security guidelines in alignment with
- security architecture to suit the agile way of working.
- Create continuous security improvement proposals for Security in ART’s and Workplace in special.
- Contribute to Security baseline and guideline improvements in cooperation with IT security
- More than 5 years’ experience as an IT Workplace security professional in:
- Translating security policies and standards into effective security controls (people, process, technology) for endpoints (e.g. workplaces)
- Conducting security assessments (Operations) and Security Risk Assessments (Development) within a complex, dynamical environment.
- Translating the output of assessment into security baseline/corrective actions and proposals for the ART Digital Workplace products and services
- Communicating with and reporting to stakeholders, users and senior management
- Good understanding of (virtual) workplace related technical concepts and solutions
- CISSP/CISM/ CISA is a plus
- Relevant Microsoft Certifications:
- Deep Knowledge of current Digital Workplace technologies (e.g. WINDOWS, AD, VDI’s , VM’s)and governance (processes)
- Experience with AZURE, Google and AWS cloud technology (IAAS / PAAS) is a pre.
- Pre: Experience with new Workplace Technologies like AutoPilot, Cloud Management Gateway, Hello Framework, etc.
- Knowledge of Windows 10 security solutions like Defender ATP, AD group policies, Intune and Microsoft Workplace Analytics
- IT Risk assessment frameworks e.g.
- CSC Top 20 Controls
- NIST SP 800 30 framework
- ISO 27001 framework
- Able to work in an Agile environment
- Able to operate independently
- Ability to interact with all levels including engineers, executives and senior managers
- Deep technical knowledge of Information Security and Endpoint technology.
- Ability to overcome organizational resistance
- Excellent organizational skills and the ability to prioritize multiple tasks, projects and assignments
- Analytical, precise, tenacious, autonomous
Start Date: Immediate/1 month/other:
Location: Netherlands, Einhoven