IS Application Security Manager
Cracow, Małopolskie, Poland
Take your next career step at ABB with a global team that is energizing the transformation of society and industry to achieve a more productive, sustainable future.
At ABB, we have the clear goal of driving diversity and inclusion across all dimensions: gender, LGBTQ+, abilities, ethnicity and generations. Together, we are embarking on a journey where each and every one of us, individually and collectively, welcomes and celebrates individual differences.
"If you are looking for big, global challenges, IS is the place to come.
ABB's portfolio includes some of the most advanced power and productivity products and systems in the world. To help us work more efficiently, you need to understand the power and potential of information technology. If you have the energy, discipline and intellectual firepower to succeed, you will find almost limitless opportunities to stretch your thinking, expand your horizons and build your skills as you work with talented people all over the world."
In this role you will lead the Global IS Application Security team in GBS IS, ensuring that developed and acquired applications across the ABB IS landscape are secured in alignment with Corporate IS Information Security guidance, design, and roadmap. You will develop and maintain a global team of security experts who test applications’ resilience, validate security configuration, and promote secure development practices across IS delivery teams. You will provide clear guidance and recommendations to deliver reliable and secure solutions to the business.
- The IS Application Security Service Owner is responsible for designing, implementing and maintaining the framework to deliver the IS Application Security services in scope, within budget, and in line with the customer’s expectations.
- Develops scripts, tools, or methodologies to enhance service processes
- Is end-to-end responsible for building and delivering Application Security services in alignment with the vision created by the Business Owner:
- Works with the Department Manager to establish and maintain the vision and process framework for managing Security Resilience, web application scans and Secure Software Development Life Cycle practice services. Collaborates with the Corporate IS Information Security, Corporate IS Governance Risk and Compliance, GBS IS Consumer Excellence, GBS IS Capabilities, GBS IS Domains, Business IS and 3rd Party IS Suppliers to ensure understanding of the resilience testing process and to provide them with clear guidance and recommendations to deliver reliable and secure solutions.
- Promotes secure software development practices, delivers periodic web application scans and application resilience validation services across ABB IS landscape in alignment with Corporate IS Information Security guidance, design, and roadmap. Ensures periodic security posture reporting to the business and suggests risk driven resolutions.
- Delivers risk-driven guidance and resilience testing services aiming to improve the overall security posture across the ABB IS landscape and minimize potential negative business and reputation impact in case of a security incident.
- Ensures proper scoping of prospective engagements and assists during complex engagements. Validates findings reported by the team and ensures high-quality reports and presentations for both technical and executive audiences. Participates in discussions with asset owners or designated technical contacts to analyze and explain results of assessments and tests as well as determine remediation steps/time needed.
- Living ABB’s core values of safety and integrity, which means taking responsibility for your own actions while caring for your colleagues and the business.
- Bachelor’s or Master’s degree in Information Technology, Computer Science, Software Engineering, or a related qualification, and/or proven capability through past employment experience
- Minimum of 12+ years of Information Security experience with at least 6 years in leading service delivery and security operations, and at least 4 years in penetration testing
- Excellent written and verbal communication skills, and ability to present complex and technical issues to diverse audiences including senior management
- Strong knowledge of tools used for wireless, web application, and network security testing
- Strong practical knowledge of the Secure Software Development Life Cycle (SSDLC) process and software exploitation skills (web, client-server and mobile) on modern operating systems. Familiarity with XSS, SSJS, filter bypassing, Injection, CSRF, etc.
- Familiarity with common reconnaissance, exploitation, and post exploitation frameworks.
- Strong attention to detail in conducting analysis combined with an ability to accurately record full documentation in support of their work.
- Detailed knowledge of current international best practices in privacy.
- ITIL 4 Foundation certification required
- CISM (Certified Information Security Manager), CISSP (Certified Information Systems Security Professional) certifications preferred
More about us
Interested in joining our team in this role? If so, we look forward to receiving your application via our online careers tool. Please submit your CV and motivation letter in English – documents in other languages will not be reviewed.
HQ Talent Acquisition Team,
ABB Asea Brown Boveri Ltd.
Let’s write the future. Together. www.abb.com/careers
We reserve the right to withdraw this posting at any time.