Digital Security Officer

Job description

IDEMIA Group - IDEMIA Group unlocks simpler and safer ways to pay, connect, access, identify, travel and protect public places. With its long-standing expertise in biometrics and cryptography, IDEMIA develops technologies of excellence with an impactful, ethical, and socially responsible approach. Every day, IDEMIA secures billions of interactions in the physical and digital worlds.

IDEMIA Secure Transactions, a division of IDEMIA Group, is a leading pure player in payment and connectivity solutions. For decades, we have pioneered the future of our industry, empowering our clients to offer essential services with an unbeatable balance between high-level security and ease of use. IDEMIA Secure Transactions is a trusted partner of payment networks, banks and other payment card issuers to enable and secure digital payments at scale.

With a global team of nearly 10,000 employees, IDEMIA Secure Transactions is trusted by 2,400 customers worldwide.

Purpose

Within IDEMIA Secure Transactions, we are currently looking for our Digital Product Security Officer for our Digital solutions. You will be part of the Security department. You will be in charge to maintain & improve the level of security of our digital products & services, to make it progressively a core value of our offers to our customers and ensure the security of digital solutions throughout their lifecycle.

As a Digital Product Security Officer, you are key stakeholder of the information security of all Digital solutions worldwide (Payment or Connectivity). It is a 360° role, highly visible in the organization, with many interactions with other departments including business, legal, engineering, operations and IT.

That position is an opportunity for you to contribute to the improvement of our security practices related to cloud security & agile development (devops) activities within an international context.

Key Missions

• Work with business / product owners teams, to promote security as a value in our solutions, and engage security discussions with our key customers
• Work with business / product owners teams, to integrate security in products roadmap and identify security needs in adequacy with business milestones (Move-to-Cloud, resilience …)
• Work with the legal department to review and negotiate security-related clauses in contracts with vendors, partners, and customers.
• Maintain & improve our digital security processes & standards (Security Assurance Plan, Business Continuity Plan, DevSecOps …)
• Monitor & improve security KPI, through close collaboration with product teams
• Lead the security committees with our product & services teams (business, engineering and operations)
• Conduct the threat models & risk assessment for Digital activities; to share conclusions with business, to ensure proper mitigation & prioritization of these vulnerabilities
• Improve the overall level of security empowerment & maturity of the teams by contributing actively to security awareness activities, and by adopting a coaching approach rather than a “doer”.
• Assess and manage the security of third-party vendors and partners involved in the development and support of digital products

Profile & Other Information

Technical skills :

• 7+ experience in information security, including a first experience as security officer in another company
• Very good knowledge & work experience in risk assessment (ex : ISO 27005 framework) and/or Threat Modelling approach
• Experience in definition of security policies & standards
• Solid knowledge of various information security frameworks
• Experience in working in cloud environments

Soft skills : 

• Excellent problem-solving and analytical skills.
• High level of autonomy & adaptability
• Demonstrated leadership skills, ability to manage transversely different teams to achieve a common goal.
• Ability to explain risks for business to executive people & give advices about mitigations schemes to reduce risks
• Effective verbal and written communication skills.
• English 100% fluent (written & spoken).