InfoSec Manager - Applications Systems (m/f/d)

Publicado 08 October 2021
Categoria Permanente


Kelly IT is looking to recruit a InfoSec Manager for Applications Systems, to join our client's Tech Hub. It's to directly integrate the client - no outsourcing, no consultancy. It allows for remote work from anywhere in Portugal.

With huge change, comes huge opportunity. With our client, you'll enjoy the freedom to dream up and deliver better, brighter solutions and the space to move your career forward in endlessly different directions.


*Minimum 10 years of experience in application security and/or IT risk management, preferably within a large organization
*Minimum 3 years of experience in managing large-sized (20-30 people) teams of information security specialists
*Proven track record in supporting development teams throughout all phases of systems development life cycle (design, threat modeling, development, maintenance)
*Experience in managing partners including business owners, product teams, and contractors/vendors
*Good understanding of cloud computing architectures (e.g. SaaS, IaaS, PaaS, FaaS) and their corresponding characteristics of InfoSec
*Practical knowledge of modern application architectures including microservices, containers, APIs, and serverless technologies
*Considerable technical writing proficiency and oral presentation skills
*Good understanding of the industry and regulatory requirements (e.g. SOX, GDPR, PCI)
*Knowledge of common web/mobile development technologies (e.g. ASP.NET, C#, Java, JavaScript, Ruby, Python)
*Practical experience in Agile/DevOps organizations and cultures


*Lead a team of application security specialists that support IT platforms
*Ensure that the team is staffed with the required talent and operates in line with Information Security processes and requirements
*Review work and deliverables of the team to guarantee that they meet the level of quality
*Continuously evolve the team by crafting learning paths and development programs for team members.
*Ensure team members maintain their information security knowledge by continuous self-learning and participating in training or conferences
*Apply management practices to balance between individual needs and budget available
*Provide expert recommendations on how to embed cybersecurity into the systems development life cycle process, e.g. by facilitating the execution of threat modeling activities and encouraging the adoption of DevSecOps principles
*Ensure that third-party risks are handled appropriately and that systems are designed and implemented in accordance with internal and external InfoSec requirements
*Manage peaks in the demand for application security advisory services and manage the onboarding of external/contracted application security specialists when the team capacity is exceeded
*Establish metrics to measure the efficiency of the overall application security program, e.g. by reporting on the number of initiatives supported, average time and effort spent, common findings and pitfalls identified during the fieldwork, etc.
*Drive security awareness programs for IT platforms/platform enabling teams by organizing lectures, webinars, or training on secure software development, secure coding, and other information security topics

A Kelly Services atua na qualidade de Agência de Emprego, em relação à presente oferta. Informamos que se optar por se candidatar, as suas informações serão tratadas de acordo com a Declaração de Privacidade da Kelly Services.

Kelly Services acts as an Employment Agency in relation to this offer. Please be advised that if you choose to apply, your information will be treated in accordance with the Kelly Services Privacy Statement.