VP, Digital Platform & Business Systems Security - EMEA Location: Warsaw or London
Détail de l'offre
- Emploi:VP, Digital Platform & Business Systems Security - EMEA Location: Warsaw or London
- Ville: Warsaw or London
- Type d'emploi:CDI
- Date:26 septembre 2018
- Secteur:Cyber Security
- Profession:VP, Digital Platform & Business Systems Security
- Spécialité:Cyber security
- Nom :Annabel Estephan
- Téléphone :+33975128119
- Mail :firstname.lastname@example.org
- Se connecter via Linkedin
The VP, Digital Platform & Business Systems Security oversees all information security efforts for our client's digital platforms, revenue-generating business systems and applications within EMEA.
VP is specialized in – and is accountable for – information security issues relevant to Direct-to-Consumer (D2C), customer-facing technologies, appropriate protection of user and customer information (e.g. GDPR, PCI, SOX), and retail consumer privacy. VP will drive translation and successful execution of cyber security requirements, and lead resolution of Digital Platform and business-related systems security issues in fast-paced global environments.
VP will be heavily involved in evaluating application security technologies and workflows across platforms, including D2C platforms, our client’s portfolio of TV Everywhere apps and products.
VP will report directly to the SVP & CISO and will work collaboratively and effectively with Global Information Security, Digital, Broadcast, Business Systems and Infrastructure teams to design and deploy appropriate, risk-based safeguards and technical direction.
- Evaluate, manage and support application security technologies, processes and workflows on multiple platforms (e.g., Server/Client, Mobile, Tablet, etc.)
- Conduct application security risk assessments, analysis, and monitoring
- 24x7 on-call availability for Information Security issues across the globe
- Develop and execute security assessment test plans, document and present results
- Review developers’ codes, provide feedback and perform security and risk assessment for consumer-facing applications, services, and future technology
- Perform design analysis, review, piloting, and selection of security technologies that meet specified application/business requirements, as needed
- Identify and define application security requirements and security baselines for the various classes of assets and environments in use at Discovery or its partners
- Work collaboratively and proactively across the organization (e.g., Technical Architects/Leads, Product managers, Digital Media Program Teams, etc.) to support and remediate security gaps
- Review Technical Architecture and Delivery for Web and other Client Delivery Platforms
- Understand and recommend security controls for the rapid development of consumer-facing prototypes to identify technical options and inform architectural approaches
- Identify and recommend best-of-breed security stack and controls for interactive consumer experiences across web and mobile devices. (i.e., project, customer, and vendor management skills)
- Engage assigned business lines as the central point-of-contact for information security controls.
- Manage relationships effectively, advocating for business and external customers by engaging in security-related requirements conversations, seeking understanding of control requirements for presenting to IT security solution architects
- Advocate for the company’s security initiatives and controls deployment. Stays knowledgeable about the company’s technical controls and advocates for the technical security control needed by assigned business.
- Promote and evangelize the company’s IT and Information Security Policies and Standards. Advise stakeholders on security deviation control alternatives, such as compensating controls, and leads stakeholders through the policy deviation process.
- Extensive experience managing Information Security global teams
- Cybersecurity architecture/engineering and/or application security experience (appsec, netsec), with a Bachelor’s degree or higher in related field
- Must be fluent in English and Polish languages
- Broad knowledge of IT Security technologies, process, and techniques and a strong understanding of application security leading practices including OWASP and CWE.
- Extensive experience in secure code reviews, business logic assessment, and application security testing
- Experience deploying cybersecurity solutions in a public cloud environment (IaaS, PaaS, SaaS)
- Familiar with application security tools like BurpSuite Pro, SAST, DAST, nmap, Metasploit, and Kali Linux, etc. (Experience in 3rd-party testing tools such as Veracode, WhiteHat, etc. is also preferred)
- Experience working with Agile development/Scrum methodologies, and incorporation of security requirements into SDLC (CI/CD) with product owners/managers
- Excellent knowledge of software and application design and architecture
- Strong Knowledge of TCP/IP, DNS, HTTP, HTTPS, VPN, SQL and other database technologies
- Experience with Unix/Linux and Windows operating systems in an Active Directory environment
- Experience with endpoint security and SIEM technologies, e.g., Carbon Black, QRadar
- Experience working in large global environments
- Excellent communication and presentation abilities with great attention to detail
- CISSP, CEH, GWEB, CWAPT, CASS, SCADA, CCSP, CSSLP, CISSP-ISSAP or OSCP certifications are highly desired