Information Security Manager
Middle (2-5 years), Senior (5-10 years)
What the team does:
We are a small security team offering security services to most of the countries/entities across the Orange Group. We have both attack (like pentesting) and defense (like DevSecOps) activities and we also do research. On top of that, we are also in charge of the internal security aspects of one of the biggest operations teams in the Group.
If we were a word cloud, it would sound something like: Kali, Burp, Python, HackRF, OpenStack, Docker, Kubernetes, OWASP, Ruby, appsec, REST, open source.
What you would be doing:
Leading the team:
- Create a good working environment for the team, basically ensure they have everything they need to do great things;
- Identify, together with the Technical Leads, the development needs for the teams and ensure that all the needed training and coaching is available;
- Support the teams’ evolution in line with the latest industry trends;
- Promote an innovation culture;
- Ensure that all the team members understand the business environment and requirements and that the reasons behind every action are clearly understood.
- Accountable for the overall security posture of the organization;
- Identify the organization’s security risks and corresponding controls and ensure that residual risks are managed;
- Define the NSSO information security strategy both from an organizational and a technical point of view;
- Act as a main information security and business continuity point of contact for NSSO;
- Participate in the technical activities of the team and offer support where needed;
- Identify new business opportunities and manage the relationship with security services customers;
- Ensure the financial efficiency of the team.
What you need:
- Consultancy experience in an international enterprise environment;
- Leadership skills – the ability to take the team with you because of what you do and say, rather than who you are;
- The technical skills required for the position:
  - A deep understanding of the TCP/IP stack and of how (at least) web applications work;
  - Experience with pentesting and/or vulnerability management;
  - The ability to work your way around an almost 100% *NIX environment;
  - The necessary skills to write your scripts/tools to automate your work.
Great to have:
- Full stack development understanding and skills;
- One or more of the following certifications: CISSP, CISM, CISA, OSCP, GPEN, GWAPT, C|EH.