Title:  Security Specialist

 

Role purpose:

This role is part of the Global Digital & Technology (D&T, Global IT) department and specifically the Competence Center IT Security of HEINEKEN International. D&T is proud to bring cutting-edge innovation, strong technology and advanced analytics to HEINEKEN. With speed and agility we ensure HEINEKEN has the technological competitive advantages it needs to deliver on its ambition.

The Competence Center IT Security is responsible for setting the boundaries / guidelines for IT Security and ensuring these guidelines are followed by the Product Teams. Also, it needs to ensure risk assessments, acceptance criteria, development practices and security authorization are part of the knowledge areas and activities within the Product Teams. 

The Security Specialist enables and pro-actively supports Product Teams to form a proper 1st line of defense, by building the right capabilities into these teams and supporting them when needed. He also provides training, tooling and support to enable Product Teams to properly form a 1st line of defense.

 

Key responsibilities:

  • Activate and operationalise the IT Security strategy;
  • Pro-actively enable Product Teams to properly form a 1st line of defense (e.g. by offering training, tooling, or sharing of best practices);
  • Build the right capabilities in the Product Teams in order to form a proper 1st line of defense;
  • Develop and maintain training material and best practices;
  • Deliver input for and participate in the formulation of the Global Information Security & Risk Management (IS&RM) strategy and the Global Information Security Management System (ISMS Program), including IS&RM-related rules, standards, procedures and guidelines (RSPG);
  • Provide temporary expertise to Product Teams to support solving security challenges (e.g. during solution design to design security and authorisation governance);
  • Support Product Teams in performing risk assessments on the technologies used by the product, categorising these risks and proposing means to remediate them;
  • Support Product Teams in applying security standards and guidelines for products and systems;
  • Recommend configuration of security tools such as firewalls, anti-virus software, patch management systems, etc. to Product Teams;
  • Support Product Team in defending against unauthorized access, modification and/or destruction;
  • Support Product Team in defining access privileges, control structures and resources;
  • Support Product Team in performing and overseeing vulnerability testing, risk analyses and security assessments;
  • Support Product Team in overseeing and monitoring routine security administration;
  • Support Product Team in developing and updating business continuity and disaster recovery protocols;
  • Train Product Teams in security awareness, protocols, procedures and best practices;
  • Design and conduct security audits to ensure operational security;
  • Maintain awareness of emerging security industry trends and best practices, and evaluate them for applicability;
  • Identify potential security threats, vulnerabilities & risks and propose mitigations;
  • Investigate and report on (severe) security incidents in the product;
  • Support Product Teams to identify and drive opportunities to increase the efficiency of information security.

NOTE: Not in scope: actual 1st line responsibility for the Products, which is part of the end-to-end responsibility of the Product Teams (Product Teams should have the right (security) capabilities within the team to execute that properly).

 

Agile mindset:

For Heineken the agile mind-set is centred on four principles: focus on customer value, power to the teams, start quick and smart, and learn relentlessly. You own these principles and integrate them into daily life. Self-reflection, adaptability, collaboration and resilience come naturally to you and make you thrive in an Agile environment. Engaging with these characteristics and becoming more self-aware of personal strengths and weaknesses makes major strides in the development of yourself and others.

 

Qualifications:

  • Bachelor’s / Master’s degree in computer science, software engineering or network design.
  • Qualification in at least some of the following, or their equivalent: CISSP, CISM, ISSMP, CISA, CIA, CSTA, CSTP, CIIP, CFIP, CSIS, CMI, CWSA
  • Agile Foundation Certification (or willing to do it)

 

Skills: 

  • Able to identify and drive opportunities to increase the efficiency of information security;
  • Has the knowledge and experience to perform compliance monitoring and ensure continuous improvement through the Information Risk Self Assessment (IRSA) process;
  • Be an IT security ambassador by supporting, informing and communicating Information Security & Risk requirements to the Product Team;
  • Has up-to-date knowledge about company, industry trends and strategy;
  • Understand changing business needs and recommend security strategies, processes and standards that will support the Product Teams in the future, taking into account costs, performance issues, risks, and business needs;
  • Working knowledge of monitoring software and control systems;
  • Demonstrated ability to recognize problems, identify possible causes and resolve routine problems;
  • Demonstrated ability to understand oral and written documentation, write reports and procedures, and communicate effectively in a variety of situations;
  • Demonstrated ability to establish and maintain effective working relationships with internal and external organisations, teams, and individuals;
  • Uses reflection, open discussion and trust to help the Product Teams to grow and develop;
  • Positive and problem-solving skills;
  • Strong organisational and communication skills;

 

Experience:

More than 6 years of relevant ICT experience in Information Technology, Security & Digital Forensics and internal Audit training within a complex international and Agile organisation.

 

Language(s):

Fluent English 

 

Agile Functional Competences: 

 

Competency | 20 | 25
Business analysis | Level 1 | Level 1
Design thinking | Level 1 | Level 1
Architecture | Level 1 | Level 1
Testing | Level 1 | Level 1
Business Value Optimization | Level 1 | Level 1
Infrastructure | Level 1 | Level 1
Coding | Level 1 | Level 1
Deployment | Level 1 | Level 1
Sourcing & Supplier management | Level 1 | Level 1
Road Management | Level 1 | Level 1
Data Management | Level 1 | Level 1
Security risk & compliance | Level 2 | Level 3
Strategic Business partnering | Level 2 | Level 3

*

** For more information, see the Agile Functional Competences document.

 

Differentiating factors: 

 

Factor: Breadth & Depth knowledge and experience

  • 20: Has broad and/or deep knowledge of products, solutions and guidelines that can be acquired within 2 – 4 years. Has expertise within the agile environment.
  • 25: Has a deep understanding of concepts, principles and practices in security area of expertise, resulting in a deep specialization in a technical field.

Factor: Autonomy / focus of activities

  • 20: Works autonomously, coordinates activities and coaches team members. Understands the Agile guidelines and translates these into the boundaries for the team.
  • 25: Focus is on the translation of policies into business cases and/or detailed plans. Contributes to longer term policies made on the basis of an understanding of specific products/solutions.

Factor: Stakeholder management / business impact

  • 20: Maintains frequent interactions and effectively aligns the interests of multiple internal and external stakeholders.
  • 25: Provides security advice to business leaders on the application of defined policies. Integrates and coordinates relationships with other parts of the organization over a long-term horizon, with a significant impact on tactical results.


Job Segment: Engineer, Computer Science, Risk Management, Information Security, Software Engineer, Engineering, Finance, Technology
