Technology Specialist - Security

The Digital & Technology Team (D&T) is an integral division of HEINEKEN Global Shared Services Center. We are committed to making Heineken the most connected brewery. That includes digitalizing and integrating our processes, ensuring best-in-class technology, and embedding a data-driven culture. By joining us, you will work in one of the most dynamic and innovative teams and have a direct impact on building the future of Heineken!

Would you like to meet the Team, see our office, and much more? Visit our website: Heineken (heineken-dt.pl)

We are seeking an experienced Technology Specialist - Security to drive the Security by Design methodology by supporting DevOps teams with building secure products by design without security debt. Your main focus as a Cyber Security Technology Specialist will be to enable HEINEKEN Solution owners to translate the D&T CyberSecurity Policy into mature solution-specific control measures according to the NIST framework. 

Your responsibilities would include:

• delivering end-to-end Security Services defined in the Contract, Security Policy, and Technical Specifications
• acting as a focal point between different Global Information Security Product Teams and business Product Teams for all operational security-related activities
• driving the D&T Security Definition of Done implementation for all solutions in the scope of the Product Teams
• establishing, maintaining, and overseeing effective working relationships for HEINEKEN Product team specialists, external partners, and Third Party Teams providing security support on the account
• providing security consultancy, management, and security focus to the different Global Information Security Product Teams, Global P&CI, and Global Audit through the direction and provision of advice, guidance, strategic planning, and project management
• serving as a dedicated focal point for managing Security Incidents that occur in the different solutions in the Product Team, steering the dedicated technical specialist on how to resolve issues and apply lessons learned.

You are a good candidate if you have:

• proven track record driving Security by Design in Agile/DevOps environments

• skill in defining and reviewing security requirements in backlog items and user stories

• experience building dashboards/metrics to monitor security efforts and drive continuous improvement

• hands-on expertise implementing and updating global security policies, and performing risk assessments for new services

• demonstrated ability leading incident response and digital investigations to resolve security incidents and vulnerabilities

• strong cross-functional collaboration with DevOps, product owners, architects, and global security teams

• deep knowledge of operational security controls (patching, vulnerability management, IaC security)

• ability to translate security strategy into domain-specific solutions and secure stakeholder buy-in

• strong NIST framework knowledge and the ability to translate its principles into practical security control measures for diverse solutions (on-premise, SAP, etc.).

• proficiency in English (at least B2 level).

At HEINEKEN Kraków, we take integrity and ethical conduct seriously. If someone has concerns about a possible violation of legal regulations indicated in the Polish Whistleblowing Act or our Code of Business Conduct, we encourage them to speak.up. Cases can be reported to the global team or locally (in line with the local HGSS Whistleblowing procedure) by selecting the proper option in this tool or by communicating it on the hotline.

What we offer: