Freelance Lead Application Security Specialist - Ensuring Security by Design in a Dynamic Environment (ZZP)

• It is important that you meet all strict requirements and meet the wishes as best as possible.

• We would like to receive a clear motivation and CV.

Job description

You play a crucial role in securing our application landscape. You focus on our crown jewels, and ensure that security is constantly improving, amidst IT transformation such as our journey to the cloud, the implementation of DevOps and an Agile way of working. You contribute to the safety of the bank by securing individual applications, but also by looking at the bigger picture. You brainstorm, advise and work together with our talented development teams to ensure information security at the start of our banking products. Briefly: a constant co-creation and security by design!

ABN AMRO’s IT organization is your biggest client, which is an international environment with people from all over the world. You meet with your colleagues frequently, and sit in with start-ups. It is important to scale the business and customer interests against possible risks. If information security is at stake, you will have to step in and quickly come up with creative and smart alternatives. There is a range of technologies and external parties you will work with. Including the major cloud providers. This job provides you with the opportunity to work in a large diversity of tech, tech organizations, and colleagues.

ADDITIONAL INFORMATION:

We are looking for an Information Security Expert/Experienced Application Security Specialist: 

You are an experienced (application) security specialist who is able to maintain a clear overview and can present and communicate to management and larger groups of colleagues. You are leading on content and contribution and set the bar for application security. You are leading towards your teammates and coach them to learn. You create an overview across our estate.

You have extensive experience with all aspects of application security and have supported application migration, transition and re-platforming before. You are able to perform a security review of vendor contracts e.g. for SaaS, COTS applications, etc. You understand the balance between technical security measures and potential organizational mitigating measures. You identify application security themes across our estate and push for continuous improvement. You perform well under pressure. 

You are able to entice colleagues with your ideas. This means you can easily convince people and transpose technical jargons into understandable language effortlessly. Sometimes you will only be given five minutes to substantiate your advice and solution. This should be enough to make your statement.

You perform security assessments on applications, middleware and infrastructure, determine gaps with policies and standards and recommend on improvements that balance security, strategy and other relevant priorities. You review new and existing vendor contracts for security clauses and work with product owners and vendors to optimize contracts. You proactively identify bigger themes where the bank needs to grow in from a security perspective, and come up with ideas to improve standards, processes, applications and anything else that is needed.

Relevant knowledge skills & competences:

• 10+ years of experience in the IT security / application security field

• Experience with security reviews on vendor contracts

• A degree in Information Science or relevant studies

• Information Security (IS) professional qualifications such as CISSP, CCSP, CEH, CISA, CISM and CCSK

• Broad knowledge of different IT and security capabilities and processes

• Development life-cycle knowledge, e.g. secure SDLC and security by design

• Experience with performing security assessments and with translating generic security requirements to specific cases

• Experience with IS documentation, -report writing, reviewing and consulting

• Stakeholder management skills, especially in a multi-cultural and international environment

• Core competencies in leading on content and within team, whilst being a team player

• Strong communication skills both verbally and in writing in English, Dutch being a big plus