Digital Security Manager

Job Description

Location: London, United KingdomWhy usOur vision of Technology Excellence - to be industry leaders in the use of technology - means there has never been a more exciting time to be part of our company.By joining us, you will play an important role in providing IT services to our many operating companies, enabling them to work in the most efficient and effective manner. You will be empowered to challenge the norm, helping to transform the customer journey.We are part of one of the worlds largest airline groups, with 573 aircraft flying to 268 destinations and carrying around 113 million passengers each year.We provide a plug and play platform of scalable, best in class procurement, finance, and IT business services to our operating companies.The company is headquartered in Krakow, and has operations in London, Madrid, Dublin, and Chennai.You will make an impact in this role by: Supporting the worlds leading airline group secure the key digital properties of our brands. Leading the cross-group application security effort covering web and mobile customer channel and internal applications supporting colleagues from the back office to ground and aircraft crew. Building cyber security engagement and capability within our operating companies facilitating, coaching and encouraging developer understanding of security issues, grow internal security capability and set in place maturity improvement plans that measureprogress Acting as a conduit between Tech Cyber Security Office and development teams in each of our Operating Companies; providing cyber consultancy support on internal capability, processes and tooling related to application security Engaging in business partnering, providing subject matter expertise on application security and secure development/test/deployment practices Being a trusted partner to business and development teams, understanding business requirements and capability, building relationships and trust to identify cyber security risks and vulnerabilities and offer pragmatic advice based on an understanding ofthe technology environment the teams operate within. Creating and develop a network of developer security champions within development teams, helping build the capability needed to sustain ongoing security improvement, driving continued growth in security awareness and skill amongst developers Seeking to embed appropriate security testing in CI/CD environments e.g., through source code reviews, SCA, SAST/DAST, scanning through to penetration tests. Agreeing improvement plans, build capability, and help coach development teams, working with process owners to change and improve processes, set standards and put in place metrics Maintaining a focus on ensuring security helps reduce the cost, disruption and risk posed by security relevant code defects. Assist with the development of web application security guides aligned to appropriate industry standards (e.g., OWASP, ISSAF, CIS). Engaging with those planning, scoping, and conducting penetration testing and vulnerability scanning activity Setting in place standards, guiderails and good practices and the means to measure progress and security capability Assessing security capability (people, processes, and technology) in key development pipelines across the Group, advising on improvement roadmaps Taking a leading role in the cybersecurity Guild, helping shape the community of best practice that supports security knowledge and skills growth across the Group.To achieve in this role, you are likely to have: a strong background in application/software security and security engineering within a large, complex business environment. a proven track record of providing successful support in the field of cyber security with a focus on application security, and of enabling and facilitating a culture of continual improvement proven Security experience across web applications and mobile applications knowledge of secure design and security testing for APIs demonstrable understanding of the common vulnerabilities affecting modern environments experience or a good knowledge of applied cryptography experience with relevant technologies such as: IaaS (Primarily AWS, some Azure), Serverless/FaaS, CI/CD toolsets (e.g. gitlab, azure DevOps, Atlassian, Jenkins), Java and JS webapps. proven ability to influence and persuade across a complex organisation proven ability of influencing and persuading internally and externally Can recognise priorities and guide others towards the accomplishment of strategic business goals and objectives pragmatic and risk-based approach to security, understanding that security has to enable business goals. the ability to communicate risk in a business focused manner, thus convincing stakeholders of the importance of securityWhat we offeris the chance to enjoy a challenging career in an exciting, fast-moving environment in a dynamic industry.We offer the opportunity to work in a multicultural environment with great offices in many locations.We aim to provide all our people with a work life balance, and you will enjoy many benefits offered by a global organisation, including health insurance, pension and performance bonuses.We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protectedby law.