Job offer 956

CIB Business IT Security Officer

Permanent contract

About Talan

For more than 15 years, Talan has been advising companies and administrations, supporting them and implementing their transformation projects in France and abroad. With a presence on four continents, the group anticipates revenue of €350 million in 2020, for a headcount of more than 3,500 consultants.

In the UK, Talan has 230 employees across several sites, the main ones being London, Edinburgh, Chester and Leeds.

Role

A CIB Business IT Security Officer is required to join the CIB IT Security office.

The role will focus on ensuring that the security posture of CIB applications is clearly communicated to internal and external stakeholders, and on ensuring appropriate remediation plans are swiftly executed by actively participating in key development steering and programs and architecture committees.

The CIB Business IT Security Officer will receive delegation of authority from CISOs and will be able to enforce a vision of a strong yet balanced security posture. The jobholder will be required to participate in high-stakes meetings with senior stakeholders but also be able to drill down into technical matters, in partnership with the architecture and CIB Application Security teams.

This is an exciting opportunity to work with interesting security challenges in an environment with many different development platforms, communications technologies, and advanced trading systems.

The role encompasses a number of activities & responsibilities:

· To promote and support security best practices in the software development lifecycle of development teams. This will involve working with developers to integrate tools such as source code analysis into their build environments and to assist with the identification, tracking, and remediation of vulnerabilities.

· To actively engage with the development community (executive committees, team meetings) to evangelize security best practices and ensure that security requirements receive sufficient attention.

· To prioritize and schedule penetration testing performed by the application security team. To challenge the results and ensure remediation options are appropriate and implemented in a timely manner.

· To provide expertise on discovered vulnerabilities and to mediate / arbitrate disputes between developers and offshore security testing teams.

· To drive, track, and assist application development teams in complying with the Application Security baseline. Work with development and application security teams on subjects such as strong authentication, encryption, data protection / leakage, etc.

· To strengthen development practices and improve overall development security through the highlighting of good practices and development methodologies.

· To analyse deviations from best practices and security guidelines such as the application security baseline, drive remediation plans and/or propose risk acceptances. The latter would require additional risk analysis in partnership with IT Risk teams and officers.

Skills

Attributes

Essential

· Excellent understanding of development security and its implementation in systems: identification, authentication, access control and provisioning, alignment of jurisdiction to business process

· Familiarity with common security vulnerabilities (e.g. OWASP Top 10)

· Strong technical skills required to understand vulnerabilities in detail and how to resolve/mitigate them.

· Excellent knowledge of programming best practices, design patterns, etc.

· Excellent problem solving skills, being able to develop approaches to complex technology and strategy problems, building consensus across diverse interest groups and working within constraints of practical delivery yet able to think beyond the requirements of immediate issues.

· Well-developed written communication skills with the ability to summarise key issues, conclusions and recommendations in report form. Target audiences will include regulatory authorities and internal/external auditors.

· The candidate will be a forward thinking individual with the ability to look beyond immediate problems and issues, but with a solid practical delivery focus.

· Highly skilled and able to demonstrate value to the development community at a practical level, working alongside developers, production staff and technical architects on a collaborative basis

· The ability to manage independent responsibilities and projects while working closely with the security, architecture and development communities; the candidate must be well organised, self motivating and a good communicator

· A pragmatist with the strength of character to lead divergent interests to common ground and the best outcome

· Able to communicate effectively across a wide range of seniorities from entry level developer to senior management.

· A technologist, with an interest in emergent technologies and practices, with the ability to understand and communicate how these could fit within the technology estate

· Approachable and willing to share their expertise and experience in order to assist the development of teams and individuals

Desirable

· Development experience, preferably in Microsoft Visual Studio, .NET and Java

· Experience of specific security products and technologies: CA Siteminder, two-factor authentication, Kerberos / SAML authentication solutions

· Experience of the development lifecycle within .NET, C# and/or Java projects

· Hands-on penetration testing experience

· Experience with source code analysis products (HP/Fortify)

· Knowledge of Web Application Firewalls: how to apply them and to define effective custom rules

· Competent in technical interviewing

· Familiarity with product adoption lifecycles, with an understanding of the different methods by which technologies, products and approaches can be introduced to an enterprise and the merits of each