Job ID: 25353
We are looking for a Senior Information Security Specialist to join the Information Security function in Nordea Asset Management. As a Senior Information Security Specialist you will play a vital role in embedding information security practices, controls and culture within Nordea Asset Management, as well as determining our exposure to information security risks.
At Nordea Asset Management, we see that the world is changing fast – and we want to be one step ahead of the curve. That’s why we’re deeply committed to providing the financial solutions of tomorrow to our customers. We’re creating an agile environment where we experiment and grow together – and we need your ideas and interesting background. With us, you’ll be in good company with a chance to make your mark on something bigger.
About this opportunity
Welcome to the Information Security Function within Nordea Asset Management. We add value by maintaining appropriate levels of resiliency and security and ensuring that our customers’ data and internal data, our services and underlying infrastructure are protected and resilient.
What you’ll be doing:
As the Senior Information Security Specialist, you’ll be responsible for the followings:
1. Assessment and Assurance: Provide support for the maintenance of the information security framework. Conduct security (risk and control) assessments and advise on necessary improvements to enhance security controls and practices as needed. Work with business units and technologists to identify (Information security) risks and support the organisation in implementing security controls to mitigate them. Assist in determining exposure to information/cyber security/cloud security risk and resilience risk as well as evaluating readiness to mitigate them effectively. Help articulate risk appetite concerning information/cyber security and BCCM.
2. Advisory and Communication: Provide guidance to the organisation on information security principles, controls and control design. Assist and guide the organisation in the implementation of information security framework and application security principles, including secure coding, threat modelling, and security testing. Support remediation activities to ensure that internal audit, legal and regulatory requirements are met. Assist the organisation in in integrating security into the various stages of Software Development Lifecycle (SDLC) and DevOps pipelines. Ensure that an adequate (as well as business friendly) assurance and reporting framework including evidence, KPIs and KRIs are in place.
3. Coordination: Participate in internal and external risk assessments. Coordinate information security assessments and mitigating measures with relevant stakeholders IT, Legal, Operations and Privacy stakeholders. Collaborate across central and local functions to establish sustainable approaches and forge necessary alignments.
You’ll join a motivated team which is a major contributor to the development of a technology focused Asset Management organisation in the international arena. The role is based in Oeiras (Portugal).
Who you are
Collaboration. Ownership. Passion. Courage. These are the values that guide us in being at our best – and that we imagine you share with us.
To succeed in this role, we believe that you:
4. Have professional communication skills and an ability to effectively create influence with your interactions.
5. Are independent, conducting independent assessments, and drafting proposals based on these, while contributing to a great team performance.
6. Fluency in English (spoken and written) required, with efficient skills in using Microsoft Office tools.
Your experience and background:
7. Bachelor’s degree in a related field.
8. Minimum 3 years of experience working with information security and business continuity.
9. Experience in information security processes.
10. Understanding security pitfalls in both on-premise and cloud software development and how to avoid them.
11. Understanding of tools and practices that facilitate DevSecOps approach such as automated security scanning and continuous integration/continuous deployment (CI/CD) security.
12. Solid ability to translate complex security and continuity issues into business risks.
13. Relevant certifications ( CISM, CISA, CRISC, etc.).
14. Thrive in a progressive environment and ability to prioritize and handle multiple tasks.
If this sounds like you, get in touch!