Agile Security Officer, Rotterdam

Description:
For Port of Rotterdam we are looking for an Agile Security Officer.

At Port of Rotterdam we aspire to be the smartest port in the world, and we are committed to modernizing and optimizing port-related logistics on a global level. In 2018 we created the unit Digital Business Solutions, a department focused on developing groundbreaking digital solutions and data services that accelerate the digital revolution in port logistics.

Short description of the department, the job description, main activities, what kind of person we are looking for:
Our ideas and products are noticed and adopted by industry leaders. This is the direct result of thinking like a startup and working agile all the way through. We value our culture of ownership, craftsmanship and self-organizing teams that consist of highly skilled team players. Due to increased customer demand we are on the verge of launching and scaling up multiple products. Therefore we want to be sure we have taken all relevant measures to provide safe and secure software services. Because of our agile way of working we want to expand our team with a highly skilled and experienced security officer with a demonstrable track record of operating in agile environments. For the cultural fit he/she should show a no-nonsense, pragmatic and practical attitude in bridging the interests of the strategic, tactical and operational layers involved.

Assigned tasks:
Security Vision and Security Improvement Backlog:
1. Refine security vision and mission statement.
2. Quick scan and gap analysis against industry standards/frameworks, e.g. ISO27001.
3. Joint SRE/Security-framework; design/alignment of a security framework and SRE-framework resulting in a combined maturity model.
4. Updated and prioritized Security Improvement Backlog.

Security Culture:
1. Act as liaison for the CISO / Privacy Officer;
a. Align CISO and other security parties to the agile processes
b. Communicate and inform CISO / Privacy Office on current and future projects.
2. Create a security chapter to facilitate security awareness and knowledge sharing amongst the agile teams.
3. Convert the existing Information Security Policy into a LEAN and agile-compatible list of controls.

Convert the existing security tollgates to agile security actions:
1. Design and implement Agile security activities to take during product backlog and poker sessions to maintain the security level.
2. Improve and fine-tune the Secure Agile process based on information collected during the retrospectives.
3. Support the Risk Assessments (or Agile alternative) by providing input for risk determination and mitigation advice.
4. Assess the necessity of additional mitigation actions during innovation (e.g. during poker sessions).
5. Assess the (correct) implementation or execution of the mitigation actions during innovation (e.g. at the Definition of Done).

Plan of approach resolving existing Security issues:
1. Review the existing list of open issues and improve the classification, clustering, business impact translation, and possible solutions.
2. Coordinate the mitigation together with the Product Owners.
3. Fine-tune the solution and mitigation between all involved parties (e.g. Business security officer, Configuration management, etc.).

Security support:
1. Analyze and prioritize encountered security issues in terms of business impact and mitigation for:
a. Issues encountered during innovation; and
b. Issues encountered in live systems.
2. Provide advice and support to Agile teams with respect to security issues and improve the general level of awareness.

Security tooling support:
1. Implement and provide training for the use of security tooling within the agile teams.
2. Provide assistance for designing, implementing, and optimizing security monitoring (e.g. using Web Application Firewalls or audit tools).

Privacy Support:
1. Conduct and evaluate Privacy Impact Assessments on HBR and GDPR privacy guidelines
2. Analyze and prioritize encountered privacy issues in terms of business impact and mitigation for:
a. Issues encountered during innovation; and
b. Issues encountered in live systems
3. Provide advice and support to Agile teams with respect to privacy issues and improve the general level of awareness.
4. Consulting and training for the implementation of privacy tooling in the Agile teams and the Continuous Integration process.

Job requirements (knock-out criteria):
1. HBO(+) work and thinking level
2. At least 5 years of work experience in a comparable environment.

Job preferences (award criteria):
1. Available for an interview on Tuesday 28 May

General information regarding the request:
Location: Rotterdam
Start date: ASAP, at the latest 15 June
Duration: 31 December 2019
Option to extend: yes
Commitment: 24 – 32 hours per week
Rate: market rate
Closing date: 20-05-2019
Closing time: 09:00
Intake interview: 28-05-2019

How should your offer be submitted?
- CV in "Word format", written in the language of the request;
- Motivation written in the first person, in which you both briefly address the scope of the assignment and explain point by point how you meet the requirements and preferences;
- Your availability (start date, number of hours per week, and holiday plans);
- Your hourly rate specifically for this request (including travel and accommodation costs and excl. VAT).

N.B.
- On receipt of your response we assume that your offer for this request is exclusive. This prevents your offer from being submitted to the same client more than once for this request.
- Since the job requirements are knock-out criteria and the job preferences are the award criteria, how you meet them should be clearly readable in your CV. This increases the chance that your offer is handled successfully.
- During the selection process you will be kept informed of progress. Should you have any questions, we will be happy to help.



Keywords: agile, security, officer



CLIENT:

company name: ICQ Groep
contact person: Ron Brussaard
type: ZZP (self-employed), freelance, interim vacancy
location: Rotterdam
province: Zuid-Holland
hourly rate: market rate
project start: as soon as possible
reference: ITC- ICBO02296
assignment duration: 3 months
hours per week: 32 hours
publication date: 17-05-2019 15:35:53