Yacht Freelance
Freelance Domain Expert (Security) (ZZP)
You are an experienced (application) security specialist who is able to maintain a clear overview and can present and communicate to management and larger groups of colleagues. You lead on content and contribution and set the bar for application security. You lead your teammates and coach them to learn. You create an overview across our estate.
You have extensive experience with all aspects of application security and have supported application migration, transition and re-platforming before.
You are able to perform a security review of vendor contracts e.g. for SaaS, COTS applications, etc. You understand the balance between technical security measures and potential organizational mitigating measures. You perform security assessment and threat modelling of the applications in the bank including capture of CISO risk opinion for the deviations or issues identified. You identify application security themes across our estate and push for continuous improvement. You perform well under pressure.
You are able to entice colleagues with your ideas. This means you can easily convince people and effortlessly translate technical jargon into understandable language.
With the following results:
Threat model of the assigned application is stored in the organization’s threat modelling repository
Security Assessment is performed by identifying security gaps and those gaps are registered in the GRC tool of the organization in a timely manner
DORA contract deviations assessment is performed by identifying security gaps and those gaps are registered in a timely manner (as prescribed within the process)
Relevant knowledge skills & competences:
10+ years of experience in the IT security / application security field
Experience with security reviews on vendor contracts
A degree in Information Science or relevant studies
Information Security (IS) professional qualifications such as CISSP, CCSP, CEH, CISA, CISM and CCSK
Broad knowledge of different IT and security capabilities and processes
Development life-cycle knowledge, e.g. secure SDLC and security by design
Experience with performing security assessments and with translating generic security requirements to specific cases
Experience with IS documentation, report writing, reviewing and consulting
Stakeholder management skills, especially in a multi-cultural and international environment
Core competencies in leading on content and within team, whilst being a team player
Strong communication skills both verbally and in writing in English, Dutch being a big plus
ADDITIONAL INFORMATION:
Looking for a senior person who can drive complex topics at a time!