The Cyber Security Specialist is part of the Security team and works hand in hand with the other developers of the Squad. Its mission is to ensure a high-quality design and development of Orange Bank’s security platforms thanks to its knowledge and experience.
Knowledge about security in cloud environments (AWS and Azure) and security and related regulatory standards (ISO27001, ISO22301, PCI-DSS, PSD2, etc.)
At least 3 years working in banking environments, in these areas:
Information Security Policies. Requirements for information security to the extent that the information is held on IT systems. This process requirements are defined to implement effective information security measures, including having an information security policy in place; establishing, implementing, and testing information security measures; and establishing a training programme for all staff and contractors.
IT and Security Risk analysis. From an up-to-date inventory of the business functions, supporting processes and information assets, support first line teams to classify them in terms of criticality, based on the confidentiality, integrity, and availability of data. Based on this classification, assess, and review them periodically the risks related to the information security that impact them.
IT and Security Controls. Based on the risk analysis, determine what controls are required to mitigate the identified risks. Perform a follow-up process for monitoring the adequacy of existing controls and action plans on pending ones.
Information Security Audits. Manage regular audits regarding information security risks giving support to the audit teams (i.e., ICT Risk Management EBA 2019-04, PCI-DSS alignment, PSD2-RTS-SCA, etc.)
Information protection systems. Participation in the development and acquisition projects of IT systems for the identification and mitigation of IT risks with an adequate management of the derived changes.
Business Continuity. Perform periodically a Business Impact Analysis (BIA). Review, test, and adaptation of contingency plans, maintaining consistency with the latest BIA.
Third-party Providers Management. Follow-up on compliance with security requirements included in service agreements.
Banca y Servicios Financieros
Paquete retributivo competente en el sector.
Talk to a consultant
Talk to Eusebio Sanchez, the specialist consultant managing this position, located in Madrid