Quality and Security Manager - Tietoevry Banking
Pune - EON Free Zone Wing 1, India
Tietoevry
Tietoevry creates purposeful technology. With Nordic roots and global scale, we reinvent the world, transform business and progress society. You may apply to Tietoevry by selecting Apply and filling in your application details in the form. You may also apply using LinkedIn and populate your application with details from your LinkedIn profile.
In Operational Excellence, we ensure efficient and harmonized methods, common ways of working and processes. Operational Excellence is a driver and enabler for reaching our ambitions with the most efficient ways of working together. Its purpose is to enable and accelerate the work and to provide support to the Payments & Cash Management business unit in running its daily operations.
We are now looking for a Quality and Security Manager with 10 plus years of experience to join Operational Excellence and focus on strengthening and driving improvements in software and product security, privacy and quality compliance. Your work consists of:
Quality, Privacy and Security Compliance –
Assist, track and monitor closure of remediation actions from product security evaluations
Strengthen the PCM-level secure software development process, including policy, roles and responsibilities, and updates based on coding and testing implementation standards and practices
Coordinate with Tech Services and Group Security for vulnerability management services for products and services and threat intelligence reports
Coordinate ISO27001 recertification; implement the NIS2 Directive and the AI Act. Conduct internal security assessments
Own and drive information security risk management; security incident management; crisis management; and business continuity management
Conduct security assessment of new and existing critical suppliers
Coordinate and drive assessment against Standards of Good Practices from Information Security Forum (ISF)
Help build security culture and security awareness across PCM
Lead the Compliance team and be an integral part of the Leadership Team, ensuring that services and business operations comply with defined standards.
Drive BC plan and DR plan and annually test the plans with stakeholders
Provide administrative supervision and leadership to the Compliance Team.
Report on Quality, Security, Privacy, and other compliance topics to the PCM Business Leadership Team.
Communicate effectively with corporate functions and auditing firms.
Implement standard requirements for services and business operations.
Oversee the follow-up on implementation and compliance governance.
Prepare for and participate in internal and external audits.
Offer consultancy to colleagues on standards and compliance-related topics.
Identify and manage risks, threats, non-compliances, and issues.
Conduct awareness sessions and internal training on standards requirements for employees
You'll work in close collaboration with Security & Privacy leads in different Business units and Group Security; other members of Operational Excellence; BU senior management, as needed.
We expect you to have –
A solid understanding of relevant standards (ISO9001, ISO14001, ISO27001, ISO22301, ISO27701) and regulations, including GDPR, DORA, EBA guidelines, and NIS2.
Knowledge of the Secure Software Development Lifecycle (SDLC)
Knowledge of IT infrastructure, including networks, cloud environments, and data center operations.
Relevant certifications and experience in performing internal audits.
Strong analytical skills coupled with a sense of accountability.
Effective organizational and communication abilities.
Driving BCP and DR
Understanding of threat modelling
Knowledge of OWASP, ASVS or similar frameworks for software security
Understanding of static/dynamic/interactive code and 3rd party analysis tools and processes
Knowledge of cloud security; knowledge of or experience with the AWS cloud platform is an advantage
Understanding of implementing a shift-left principle in security
Knowledge of DevSecOps - Cloud native security frameworks and controls
Lead auditor or implementer for ISO27001 or ISO9001 standards is an added advantage
Understanding of risk management principles and their applicability
To be successful in the role, we expect that you have experience of the relevant security domains in combination with the capability to communicate this to stakeholders concisely. We believe that you are a self-starter who is resourceful and motivated and takes initiative. We believe that you are used to managing highly confidential information and acting with a strict level of professional discretion. With your interest in working in a fast-paced, global business environment, you have the capability to build strong relations with internal stakeholders. You are analytical and passionate about creating secure software products for our customers at the right price with the right quality.
At Tietoevry, we believe in the power of diversity, equity, and inclusion. We encourage applicants of all backgrounds, genders (m/f/d), and walks of life to join our team, as we believe that this fosters an inspiring workplace and fuels innovation. Our commitment to openness, trust, and diversity is at the heart of our mission to create digital futures that benefit businesses, societies, and humanity.