Technical Product Owner - Security Services (f/m/d)
We are expanding our team and looking for a Technical Product Owner - Security Services.
As Technical Product Owner - Security Services, you will be our key interface between our Engineers in the production teams, the management team, business users and external auditors regarding security and compliance subjects. As part of our team you will encourage our production to become continuously better and adhere to security & compliance policies/guidelines. And you will negotiate security and compliance requirements with auditors in the best interest of the company.
- Support the teams to integrate security and compliance tools, standards and processes into the software development life cycle.
- Support the teams to implement, test and operate advanced security and compliance best practices (e.g. OWASP, SSE-CMM).
- Maintain security and compliance documentation.
- Prepare, Execute and Follow-Up External Audits.
- Transfer Security & Compliance Documentation into product requirements.
- Define and Improve metrics reporting the state of security and compliance to the management.
- Develop a familiarity with new tools and best practices.
- Keep an overview on web and mobile application, technical infrastructure and organizational structure and processes to apply security measures where applicable.
- Support and Drive Automation of security and compliance issues detection.
- Manage Relationship with external security and compliance Auditors.
- Define, document and implement relevant InfoSec policies & guidelines within the organization.
- Monitor the communicated InfoSec policies & guidelines are adhered to by all users within the organization.
- Experience in Software development / web and mobile architectures / Virtualization/ Microservices / Cloud.
- Experience in network / firewall design / intrusion detection / penetration testing / denial of service defense.
- Experience in Information / IT security and compliance management / processes based on ISO/IEC 27001 or equal standards, PCI DSS, Data Protection Regulation.
- Proven track record in managing IT and Information Security.
- Solid understanding of cyber security threats, risks, vulnerabilities and attacks giving insight into threat actor motives, capabilities, and techniques.
- Understanding of Penetration Testing, Vulnerability Management, Threat Vector Analysis, Intrusion Detection and Prevention, Incident Management and Response, Web Application Security, Risk Assessment and Mitigation Methodologies, and Counter Threat Operations.
- Detailed technical knowledge of techniques, standards and state-of-the art capabilities for authentication and authorization, applied cryptography, security vulnerabilities and remediation.
- Good understanding of cutting edge industry best practice regarding technology and security/compliance.
- Educated at least to degree level.
- Agile Mindset: Embrace Change, Proactive Attitude, Deliver Customer Value, Be Well-Ordered in Complex Situations, Effective Communication.