Digital Product Security Officer
Since our founding, IDEMIA has been on a mission to unlock the world and make it safer through our cutting-edge identity technologies. Our technology leadership makes us the partner of choice for hundreds of governments and thousands of enterprises in over 180 countries, including some of the biggest and most influential brands in the world. In applying our unique expertise in biometrics and cryptography, we enable our clients to unlock simpler and safer ways to pay, connect, access, identify, travel and protect public places – at scale and in total security.
Our teams work from 5 continents and speak 100+ different languages. We strongly believe that our diversity is a key driver of innovation and performance.
About the job offer
IDEMIA Group - IDEMIA Group unlocks simpler and safer ways to pay, connect, access, identify, travel and protect public places. With its long-standing expertise in biometrics and cryptography, IDEMIA develops technologies of excellence with an impactful, ethical, and socially responsible approach. Every day, IDEMIA secures billions of interactions in the physical and digital worlds.
IDEMIA Secure Transactions, a division of IDEMIA Group, is a leading pure player in payment and connectivity solutions. For decades, we have pioneered the future of our industry, empowering our clients to offer essential services with an unbeatable balance between high-level security and ease of use. IDEMIA Secure Transactions is a trusted partner of payment networks, banks and other payment card issuers to enable and secure digital payments at scale.
With a global team of nearly 10,000 employees, IDEMIA Secure Transactions is trusted by 2,400 customers worldwide.
Purpose
Within IDEMIA Secure Transactions, we are currently looking for our Digital Product Security Officer for our Digital Payment solutions and card-related eServices. You will be part of the Security department.
You will be in charge to maintain & improve the level of security of our digital products & services, to make it progressively a core value of our offers to our customers and ensure the security of digital solutions throughout their lifecycle.
As a Digital Product Security Officer, you are key stakeholder of the information security of all Digital Payment solutions worldwide. It is a 360° role, highly visible in the organization, with many interactions with other departments including business, legal, engineering, operations and IT.
That position is an opportunity for you to contribute to the improvement of our security practices related to cloud security & agile development (devops) activities within an international context.
Key Missions
- Work with business / product owners teams, to promote security as a value in our solutions, and engage security discussions with our key customers
- Work with business / product owners teams, to integrate security in products roadmap and identify security needs in adequacy with business milestones (Move-to-Cloud, resilience …)
- Work with the legal department to review and negotiate security-related clauses in contracts with vendors, partners, and customers.
- Maintain & improve our digital security processes & standards (Security Assurance Plan, Business Continuity Plan, DevSecOps …)
- Monitor & improve security KPI, through close collaboration with product teams
- Lead the security committees with our product & services teams (business, engineering and operations)
- Conduct the threat models & risk assessment for Digital payment activities; to share conclusions with business, to ensure proper mitigation & prioritization of these vulnerabilities
- Improve the overall level of security empowerment & maturity of the teams by contributing actively to security awareness activities, and by adopting a coaching approach rather than a “doer”.
- Assess and manage the security of third-party vendors and partners involved in the development and support of digital products.
Technical skills
- 7+ experience in information security, including a first experience as security officer in another company
- Very good knowledge & work experience in risk assessment (ex : ISO 27005 framework) and/or Threat Modelling approach
- Experience in definition of security policies & standards
- Solid knowledge of various information security frameworks (ex : NIST, ISO 27002, …)
- Experience in working in cloud environments (Azure and/or AWS)
- Personal certification in global security frameworks such as CISSP is recommended
Soft skills
- Excellent problem-solving and analytical skills
- High level of autonomy & adaptability
- Demonstrated leadership skills, ability to manage transversely different teams in “project mode”, to achieve a common goal
- Ability to explain risks for business to executive people & give advices about mitigations schemes to reduce risks
- Ability to educate both technical & non-technical audience about various security measures topics and areas.
- Effective verbal and written communication skills
- English 100% fluent (written & spoken).
By choosing to work at IDEMIA, you will join a unique tech company, offering a wide range of growth opportunities. You will contribute to a safer world, collaborating with an international and global community. We value the diversity of our teams and welcome people from all walks of life, regardless of how they look, where they come from, who they love, or what they think.
We deliver cutting edge, future proof innovation that reach the highest technological standards and we’re transforming, fast, to stay a leader in a world that’s changing fast, too.
At IDEMIA, people can develop their expertise and feel a sense of ownership and empowerment, in a global environment, as part of a company with the ambition and the ability to change the world.
Visit our website to know more about the leader in Identity Technologies