Application Security Expert

We are looking for a Application Security Expert for an international project! 

Syone Client is a major French bank, ranking among the world's top 10 largest banks. In Portugal, it manages a significant portion of its IT operations, employing 7,000 professionals dedicated to IT services for the entire group. Recently, the company received recognition from LinkedIn as one of the best employers in Portugal, particularly noted for its commitment to fostering career growth.

The bank operates two distinct cybersecurity units in Portugal. One is directly aligned with the local operations, while the other unit is currently in the process of establishment, involving the migration of teams and functions from France to Portugal. Notably, all managers and decision-makers for this unit are French, and the workforce will primarily collaborate with counterparts in various areas in France.

Project context:

SYONE CLIENT, the leading bank in the European Union and a leading international player, is seeking to complement and reinforce its existing teams in the areas of IT risk management, cybersecurity and the fight against digital fraud. Within IT Group, Informatics Directorate of Syone Client, the Cybersecurity & Digital Fraud Department's mission aims to structure, strengthen and harmonize IT risk management and cybersecurity for the overall Syone Client Group (approximately 30 entities) and:

• Defining the vision and strategy for IT risk management and cybersecurity, and ensuring the implementation of this strategy within the Group’s operating entities;
• Monitoring the security of the Group's information systems;
• Steering the IT Continuity and Resilience strategy and methodological framework.

The evolving Cyberthreats landscape increases the security risk of financial sector that leads Syone Client to strengthen its Cybersecurity maturity, IT risk management and Operation Resilience. Within IT Group Cybersecurity & Digital Fraud department, you will be part of the Cybersecurity & Digital Fraud delivery teams in Portugal. As an extend team of the French central team, you will be part of the Global Services team as the “Core team Appsec” service dedicated to support the Group AppSec Program deployment. The Global Services team is responsible to build Group-wide international set-up to reinforce Cybersecurity capabilities and deploy Cybersecurity services dedicated to the entities of Syone Client. The job position is also to contribute closely to the Enterprise Security activities.

What you'll do:

• Be part of the Application Security Core Team of IT Group Cybersecurity and Digital Fraud;
• Contribute to the deployment of the Application Security strategy of the Group, by participating as a key actor of its deployment Program;
• Provide operational support to Group’s entities in their implementation of the AppSec Strategy, may it be related to their organization, operating model, processes, or the analysis and treatment of their vulnerabilities (N3 support level on the AppSec thematic);
• Collaborate with solution providers to fix issues impacting the service (management of support tickets);
• Animate the Application Security governance of the Group by taking part to or leading associated committees;
• Identify Application Security rules, requirements and guidelines which may need to be created or updated, based on entities feedbacks and AppSec Core Team’s observations;
• Participate to the creation and update of those documents;
• Report on the global Application Security level of the Group by consolidating collected metrics and KPIs.

What you will need to bring:

• MSc or BSc
  
• Experience in:
  • IT Risk and Cyber Security with a focus on Application Security topic;
  • Risk Knowledge & Awareness;
  • Vulnerability Management;
  • Offensive Security;
  • Software development, review and testing;
  • Software Architecture Design.

• Fluent in English
• Ability to lead a meeting, seminar, committee, seminar;
• Ability to establish and activate networks.

What can Syone offer me:

• Integration in an organization with profound and sustained growth and involvement in pioneering projects with innovative technological solutions;
• Strong IT training plans;
• Professional evolution with intervention in ambitious technological projects, both national and internationally.