We are expanding our Global Corporate Information Security Team and looking forward to new colleagues and leaders joining us in Bulle (FR), Switzerland. We are looking for a Head of Application Security reporting to the Head of Digital Security. The scope of duties includes the following:
Responsibilities:
* Oversee the security of applications and software development processes to protect applications from vulnerabilities and attacks; lead the global application security strategy for IT, OT and Product Security; and provide global leadership of the Application Security Team, Products and Services.
* Develop and implement application (& systems) security policies and standards.
* Drive DevSecOps, secure coding practices, security testing and compliance.
* Collaborate with IT, IS and development teams to secure the software development lifecycle (SDLC).
* Oversee integration of security controls in the design, development, and deployment of applications.
* Lead regular code reviews, penetration tests, and vulnerability assessments to identify potential risks.
* Collaborate with development, QA, and DevOps teams to embed security into agile development practices.
* Manage the selection and deployment of security testing tools and frameworks for application validation.
* Ensure compliance with industry standards and regulations related to application security.
* Provide training and guidance on secure development practices and emerging application threats.
Competencies:
* Bachelor’s/Master’s in Cybersecurity, Computer Science, or related field.
* 5+ years in cybersecurity and 3+ years in a leadership role.
* The following certificates are preferred: CISSP or CISM, as well as cloud certifications (AWS, Azure, or GCP).
* English is a must; German and French are a plus.
* Good understanding of cybersecurity frameworks and standards (ISO 27001, NIST).
* Deep understanding of application security concepts and principles.
* Knowledge of application security tools and techniques (e.g., vulnerability scanners, code analysis tools).
* Expertise in secure coding practices and methodologies.
* OWASP framework, defensible architectures, defense in depth.
* Ability to communicate technical concepts to non-technical audiences.
* Ability to manage and collaborate with stakeholders.
* Project management.
* Readiness for global travel.
Our offer:
We offer you a secure job, progressive and family-friendly employment conditions such as flexible working hours, hybrid working, and opportunities for further training.
One Passion. Many Opportunities.