Agile Security Officer | Rotterdam
On behalf of Havenbedrijf Rotterdam, Quest4 is looking for an Agile Security Officer for 24-32 hrs a week.
At Port of Rotterdam we aspire to be the smartest port in the world, and we are committed to modernizing and optimizing port-related logistics on a global level. In 2018 we created the unit Digital Business Solutions, a department focused on developing groundbreaking digital solutions and data services that accelerate the digital revolution in port logistics.
Our ideas and products are noticed and adopted by industry leaders. This is the direct result of thinking like a startup and working agile all the way through. We value our culture of ownership, craftsmanship and self-organizing teams that consist of highly skilled team players.
Through increased customer demand we are on the verge of launching and scaling up multiple products. Therefore we want to be sure we have taken all relevant measures to provide safe and secure software services.
Because of our agile way of working we want to expand our team with a highly skilled and experienced security officer with a demonstrable track record in operating in agile environments. For the cultural fit he/she should show a no-nonsense, pragmatic and practical attitude in bridging the interests of the involved strategic, tactical and operational layers.
Security Vision and Security Improvement Backlog:
1. Refine security vision and mission statement.
2. Quick scan and gap analysis regarding industry standards/frameworks, e.g. ISO27001.
3. Joint SRE/Security-framework; design/alignment of a security framework and SRE-framework resulting in a combined maturity model.
4. Updated and prioritized Security Improvement Backlog.
1. Act as liaison for the CISO / Privacy Officer;
a. Align CISO and other security parties to the agile processes
b. Communicate and inform CISO / Privacy Office on current and future projects.
2. Create a security chapter to facilitate security awareness and knowledge sharing amongst the agile teams.
3. Convert the existing Information Security Policy into a LEAN and agile-compatible list of controls.
Convert the existing security tollgates to agile security actions:
1. Design and implement Agile security activities to take during product backlog and poker sessions to maintain the security level.
2. Improve and fine-tune the Secure Agile process based on information collected during the retrospectives.
3. Support the Risk Assessments (or Agile alternative) by providing input for risk determination and mitigation advice.
4. Assess the necessity of additional mitigation actions during innovation (e.g. during poker sessions).
5. Assess the (correct) implementation or execution of the mitigation actions during innovation (e.g. at the Definition of Done).
Plan of approach resolving existing Security issues:
1. Review the existing list of open issues and improve the classification, clustering, business impact translation, and possible solutions.
2. Coordinate the mitigation together with the Product Owners.
3. Fine-tune the solution and mitigation between all involved parties (e.g. Business security officer, Configuration management, etc.).
1. Analyze and prioritize encountered security issues in terms of business impact and mitigation for:
a. Issues encountered during innovation; and
b. Issues encountered in live systems.
2. Provide advice and support to Agile teams with respect to security issues and improve the general level of awareness.
Security tooling support:
1. Implement and provide training for the use of security tooling within the agile teams.
2. Provide assistance for designing, implementing, and optimizing security monitoring (e.g. using Web Application Firewalls or audit tools).
1. Conduct and evaluate Privacy Impact Assessments on HBR and GDPR privacy guidelines
2. Analyze and prioritize encountered privacy issues in terms of business impact and mitigation for:
a. Issues encountered during innovation; and
b. Issues encountered in live systems
3. Provide advice and support to Agile teams with respect to privacy issues and improve the general level of awareness.
4. Consulting and training for the implementation of privacy tooling in the Agile teams and the Continuous Integration process.
- HBO(+) work and thinking level
- At least 5 years of work experience in a comparable environment (security and agile).
- CV (Word) entirely in Dutch or English and a maximum of 5 pages. This includes at least 2 references of performed relevant assignments.
- Good command of the Dutch or English language, spoken and written.
- Available on the 28th of May in the afternoon for an interview.
An agreement is entered into with the best-rated candidate. The standard HbR hiring agreement applies to the assignment, with a project-related confidentiality agreement.
The Port Authority applies an all-in hour rate (the Netherlands), excluding VAT per worked hour. Note: The hourly rate includes all (travel) costs.
For more information about this position, you can contact Wendy van Ooijen, who can be reached at: 06 – 29 98 58 99. If you are interested in the position, we warmly invite you to submit an offer via the offer form.
Posted on 2019-05-16 17:49:38