Security Champion – (Project Security Advocate & Coordinator)
Security Champions work collaboratively on products and services within the DevSecOps Teams, supporting the Team to deliver secure products and services as well as to deliver the outputs as set by the business. They are involved in the iterative development of products and services during sprints and in all sprint activities e.g. sprint planning, daily stand-ups, sprint reviews and retrospectives.
Technology center of a multinational telecom company.
- Control and tracking of IT security measures within cloud environments.
- Examination of security requirements within the demand process for corporate and technical security.
- Protection of physical and intellectual assets, i.e. ensurrance that proper security and safety measures are in place.
- Evaluation of audit and vulnerability findings including risk assessment
As part of these activities, Security Champions ensure that appropriate measures are taken to check compliance with an adequate level of security in company’s processes, products and services. They ensure that identified risks and weak points are identified and dealt with.
- Advocate and follow Security Policies and Standards but are not Security experts.
- Are the Security SPOC for their Team.
- Coach their team about company/group Security policy.
- Ensure, consider and implement Security in all Team activities including sprint planning, daily stand-ups, sprint reviews and retrospectives.
- Report Security Risks and Incidents to the NCIS Security Chapter Lead.
- Contribute to a set of Security-specific user stories and must engage with the Product Owner to add Security user stories into their Team’s product and service backlog.
- Work with the Product Owner to track, monitor and advise on the prioritization of Security user stories.
- Work to find the right balance between ensuring that Security user stories are prioritized for the Team and that the Team can prioritize other user stories as and when required.
- Works with the NCIS Security Chapter Lead to identify risks in the Teams and inform the Risk Owner and the NCIS Security Chapter Lead of any potential Security risk. They suggest mitigation strategies for any Security issues that arise in the Teams.
- Inform and update their Teams about changes or updates to company Security Policies and Standards e.g. guidelines, blueprints, architectural patterns and software development.
- Inform the NCIS Security Chapter Lead about how any documentation, designs or patterns provided by Global Cyber Security could be adapted to suit local patterns.
- Comprehensive understanding of cloud IT security components.
- Experience with IT security standards or best practices.
- Good written and spoken English knowledge.
- High communication and social skills.
- Analytical and organizational skills.
- Confident demeanor and assertiveness.
- Autonomous, diligent and solution-oriented working.
- Willingness for regular further training.
Nice to have: (at least 2 of the following would represent a great advantage)
- Previous experience related to security in cloud environments or cloud migrations.
- Experience in Risk Management & Consulting.
- Good understanding of DevSecOps environment (especially CI/CD, SAST, DAST)
- Gook knowledge about Cybersecurity concepts, tools and processes (including: IPS/IDS, Risk assessment, Vulnerability Scanning/Management/Mitigation, etc.)
- Knowledge about various cloud services/platforms ( e.g. IaaS, PasS, AWS, etc.)