- Esmane info
Job ID: 765
Would you like to play a key role in ensuring that Nordea is protected against IT security threats? We are now looking for a Specialist in Security Development Area (SecDevOps) who will support driving the Secure DevOps culture inside Nordea. By joining the Chief Security Office, this is an opportunity for you to contribute in Nordea’s SecDevOps journey as well as setting directions for IT security.
You will be having a key role in our Secure Development Engineering team by defining, driving, implementing and monitoring security controls embedded in the secure software development lifecycle (SDLC) as well as ensuring development security controls are operating effectively.
In Nordea, we’re harnessing the power of technology to reinvent the future of banking. A tech revolution is underway – and you can make an impact. Though we’re a Nordic bank, we’re also one of the largest IT employers in Tricity and Warsaw. Working with international teams in an inspiring working environment, you’ll have lots of opportunities to expand your skills and advance your career.
About this opportunity
Welcome to the Secure Development Engineering team. As a member of the Nordea security team you will be working within Nordea Group Risk and Compliance in second line of defense. We are overall responsible for security monitoring, control and reporting and that Nordea has an effective security governance and management process in place.
We add value to Nordea and to our customers by managing the information security risks and enabling managers and employees to act correctly in protecting the confidentiality, integrity and availability of information. We do that in strong collaboration with business areas and Group functions. The unit supports the entire Nordea Group.
What you’ll be doing:
• Define, monitor and measure security controls embedded in SDLC (Software Development Life Cycle)
• Define and demonstrate prudent application and infrastructure security oversight
• Challenge and proactively advice the first line of security on regulatory compliance and security control feasibility in operational processes.
• Work closely with development teams to ensure the applications are designed with security & operability in mind.
• Design and improve security processes to support key activities, both in IT Security and DevOps environment.
• Ensure that practices used at both - Development and Operations stage of implementation fulfil security and compliance requirements
• Experiment and learn about new tools and techniques that may be beneficial for Nordea, to build and prepare for the future.
The role is based in Gdynia; Copenhagen; Gdańsk; Helsinki; Stockholm; Tallinn; Warszawa.
Who you are
Collaboration. Ownership. Passion. Courage. These are the values that guide us in being at our best – and that we imagine you share with us.
To succeed in this role, we believe that you:
• Possess the capability of transforming IT security and the regulatory requirements into operational processes, and ensure the implementation of IT security controls
• Have a passion/interest for tech security combined with understanding of regulatory requirements
• Demonstrate structured thinking and be comfortable working with complex assignments
• Secure SDLC is your real interest. You want to understand how full process works and how we can continuously improve it.
• Are proactive, independent, pragmatic and solution oriented
Your experience and background:
• Experience in working with IT Security processes, governance, measures and controls (e.g. Threat modelling, DAST, SAST etc.)
• Excellent understanding what drives security, other than just code quality when developing and delivering software.
• Familiar with development of automated CI/CD deployments, container-based architecture and relevant infrastructure solutions.
• Hold integrity and trust as your core values and have excellent collaboration and stakeholder management skills
• You have a strong cultural awareness and a dynamic approach, willing to take on extra responsibilities when needed
• You have good command of English
• Relevant security qualifications such as CSSLP, CISM, CISSP will be considered as huge advantage
If this sounds like you, get in touch!
Submit your application no later than 31/01/2022.
At Nordea, we know that an inclusive workplace is a sustainable workplace. We deeply believe that our diverse backgrounds, experiences, characteristics and traits make us better at serving customers and communities. So please come as you are.
Please include permit for processing personal data in CV as following:
In accordance with art. 6 (1) a and b. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) hereinafter ‘GDPR’. I agree to have: my personal data, education and employment history proceeded for the purposes of current and future recruitment processes in Nordea Bank Abp.
The administrator of your personal data is: Nordea Bank Abp operating in Poland through its Branch, address: Aleja Edwarda Rydza Śmiglego 20, 93-281 Łodź. Your personal data will be processed for the recruitment processes in Nordea Bank Abp. You have a right to access your personal data, right to rectify and right to delete. Disclosing the personal data in the scope specified by the provisions of Polish Labour Code from 26 June 1974 and executive acts are mandatory. Providing personal data is necessary to conduct the recruitment processes. The request for the deletion of your personal data means resignation from further participation in recruitment processes and causes the immediate removal of your application. Detailed information concerning processing of your personal data can be found at: http://www.nordea.com/Images/33-355365/nordea-com-careers-job-pl-en.pdf
We reserve the right to reply only to selected applications.
Please be aware that any applications or CVs coming through email or direct messages will not be accepted or considered.