Lead Security Specialist Operational Excellence - Tietoevry Care (m/f/d)

You may apply to Tietoevry by selecting Apply and fill your application details to the form. You may also Apply by using LinkedIn and populate details to your application from your LinkedIn profile.

About us

About the role
In Operational Excellence, we ensure efficient and harmonized methods, common ways of working and processes, as well as data privacy and information security. Operational Excellence is a driver and enabler to reach our ambitions with most efficient ways to work together. It is to enable and accelerate the work, provide support to Care business units to run their daily operations. Our team consists of professionals in compliance, legislation, cybersecurity, privacy, process governance, risk management, data visualization, delivery management and customer experience.
 

We are now looking for Lead Security Specialist with 10 plus years of experience to join our Cybersecurity Team within Operational Excellence to focus on strengthen and drive improvements in software and product security. Your work consists of –

Product Security –

• Strengthen product security through Care security resilience program

• Coordinate and conduct product security evaluation

• Assist, track and monitor closure of remediation actions from product security evaluations

• Strengthen Care level secure software development process that includes - policy, role & responsibilities, updates based on coding and testing implementation standards and practices

• Coordinate with Tech Services and Group Security for vulnerability management services for products and services and threat intelligence reports

Security Operations –

• To implement Tietoevry security policy and rule in Care business

• Create, own and implement Care security objectives, focus areas, and way of working

• Coordinate ISO27001 recertification; implement NIS2 directive and AI act. Conduct internal security assessments

• Own and drive information security risk management; security incident management; crisis management; and business continuity management

• Conduct security assessment of new and existing critical suppliers

• Coordinate and drive assessment against Standards of Good Practices from Information Security Forum (ISF)

• Help build security culture and security awareness across Care

• Create, drive and improve security reporting across different levels of Care and Group management

You'll work in close collaboration with Security & Privacy leads in different Business units and Group Security; other members of Operational Excellence; BU senior management, as needed.

We expect you to have –

• 10 plus years of experience in information security​​​​​​​ and Operational Excellence

• Degree in computer science or other technical education

• Knowledge on Secure Software Development Lifecycle (SDLC)

• Understanding of threat modelling

• Knowledge on OWASP, ASVS or similar frameworks for software security

• Understanding of static/dynamic/interactive code and 3rd party analysis tools and processes

• Knowledge on security in cloud, knowledge or experience with Azure or AWS cloud platform is an advantage

• Understanding of implementing a shift-left principle in security

• Knowledge on DevSecOps - Cloud native security frameworks and controls

• Security certification such as CEH, CISSP or equivalent, cloud security certifications

• Lead auditor or implementer for ISO27001 or ISO9001 standards is an added advantage

• Understanding of compliance frameworks such as ISO27001; NIS2 and CSA STAR

• Understanding of risk management principles and the application of those

To be successful in the role, we expect that you have experience of the relevant security domains in combination with the capability to communicate this to stakeholders concisely. We believe that you are a self-starter, resourceful, motivated and takes initiative. We believe that you are used to managing highly confidential information and to act with a strict level of professional discretion. With your interest in working in fast paced, global business environment you have the capability to build strong relations with internal stakeholders. You are analytical and passionate about creating secure software product for our customers at the right price with the right quality.

What’s in it for you?

With us you will be part of the important and meaningful work of developing healthcare for all of us. You have an important mission to make a difference that really matters. In addition, as a company we offer you professional growth, open and friendly culture, and an outstanding work-life balance! We believe that our organizational culture is an important part of enabling you to be successful. We provide a flexible hybrid work model as part of our culture and way of working.

Finally, we also believe in curiosity and learning as a lifestyle. We want to encourage you to keep up that curiosity and deepen your knowledge on topics you’re interested in. For example, we host a ‘Keep Learning Week’ twice a year, a week where everyone at Tietoevry has the possibility to join different training courses in a truly global setting.

At Tietoevry, we believe in the power of diversity, equity, and inclusion. We encourage applicants of all backgrounds, genders (m/f/d), and walks of life to join our team, as we believe that this fosters an inspiring workplace and fuels innovation. Our commitment to openness, trust, and diversity is at the heart of our mission to create digital futures that benefit businesses, societies, and humanity. Diversity, equity and inclusion (tietoevry.com)