Mission
Our client is looking for a Security Officer to support the security assessment of critical business and IT initiatives.
The objective is to identify, assess, and mitigate cyber and IT risks from the early stages of project delivery, ensuring that security, compliance, and resilience requirements are integrated into solution design and implementation.
This role requires a strong combination of technical security expertise, risk management capabilities, and stakeholder engagement skills.
Key Responsibilities
Technical Risk Assessment
- Analyze complex application and infrastructure architectures to identify security risks and vulnerabilities.
- Review data flows, integrations, APIs, cloud environments, and microservices architectures.
- Apply recognized methodologies such as OWASP Risk Rating and ISO 27005.
Security Governance & Compliance
- Ensure alignment with internal security policies and applicable regulations.
- Support compliance initiatives related to GDPR, NIS2, and industry security frameworks.
- Participate in risk acceptance and remediation processes.
Architecture & Design Reviews
- Perform security reviews during project design phases.
- Challenge architectural decisions from a security perspective.
- Identify security gaps before production deployment.
Third-Party Risk Management
- Assess security aspects of external vendors and service providers.
- Review contracts and technical security documentation.
Stakeholder Management
- Collaborate closely with Architects, DevOps Engineers, Product Owners, and Project Managers.
- Facilitate workshops and security review sessions.
- Translate technical risks into business-oriented recommendations.
Reporting
- Produce clear and actionable risk assessment reports.
- Present findings and recommendations to management and governance bodies.
Required Skills & Experience
Security & Risk Frameworks
- Strong expertise with:
  - ISO 27001 / 27002 / 27005
  - NIST Cybersecurity Framework
  - OWASP methodologies
  - NIS2 Directive
Technical Expertise
- Experience reviewing modern application architectures.
- Strong understanding of:
  - APIs
  - Microservices
  - Cloud environments (GCP preferred)
  - Security architecture principles
Professional Experience
- Minimum 5 years of experience in Cyber Security.
- Proven background in GRC, Security Architecture, Risk Management, or related security functions.
Soft Skills
- Strong analytical and investigative mindset.
- Ability to identify hidden risks and challenge assumptions.
- Excellent communication skills.
- Ability to explain complex technical topics to non-technical stakeholders.
Languages
- Professional fluency in English.