Deloitte is a world leading professional services firm, providing accounting and auditing services, management consulting and legal and tax advice. In Belgium we are the largest professional service provider. Our offices offer services to multi-national and large organisations, public institutions and innumerable small, fast-growing companies. Thanks to a strong regional presence and our multi-disciplinary approach, we are ideally placed to meet the requirements of a wide range of public institutions and small and large companies.
Our Deloitte Services & Investments (DSI) organization is a service provider to the business units, enabling their work. Our expertise covers IT Services, Finance, Human Resources, Facilities & Procurement, Legal services, Marketing & Communications, Clients & Markets, as well as Risk services.
"IT's mission is to embed technology which supports the 'Deloitte way' of doing business, providing a distinctive experience that enables new business, transforms the existing business and provides world class customer support.
To support our IT’s mission we are looking for an Application Security Analyst. The Application Security Analyst is part of the DSI IT team. You will take care of the security processes which ensure that security is embedded within all applications developed or acquired by Deloitte. You maintain contacts with internal customers and the DSI IT team.
As the Application Security Analyst you are responsible for the security of all new applications to be developed within the organisation.
Within Deloitte Belgium – we have established a COPRIA process which covers a confidentiality, privacy & security impact assessment. As Application Security Analyst you are responsible for reviewing the security related matters within this COPRIA process. With this process we want to ensure that all new applications have the necessary security measures implemented.
The Application Security Analyst helps to increase secure coding among developers and raise awareness of the importance of secure SDLC within the organisation.
During projects, you will be involved in system design and implementation to manage the security related aspects.
The Application Security Analyst reports directly to the CISO.
The Application Security Analyst is responsible for:
- The negotiation, acceptance and tracking of minimum security requirements
- Acting as the ‘voice’ of security for development team (business IT & DSI IT)
- Responsible for reporting status to the security advisor and to other relevant parties (for example development and test leads) on the project team
- Review the information security aspects within the delivered COPRIA documents
- Liaison with the business stakeholders in order to understand the data flow, purpose of the application and connections with other applications (if applicable)
- Assess relevant information security risks for the application in review (via the COPRIA) & define the security requirements
- Formally document each COPRIA review process (e.g. Agreed action plans)
- Follow-up on the action plans agreed with the business
- Reviewing the code scanning results and follow-up on the agreed action plans
- Bachelor degree in Computer Science, Information Systems or other related field
- You have minimum 3-5 years of relevant work experience in a comparable position.
- Technical information security background
- In depth knowledge of Secure SDLC
- Knowledge of secure coding
- Knowledge of setting up & controlling code scanning solutions (such as SonarQube)
- Knowledge of information security risks
- Familiarity with ISO 27001/ISO 27002, NIST and other recognized information security standards
- Strong analytical skills.
- Strong written & verbal communication - and presentation skills
- Eager to follow the industry and technology trends
- Driving license B (E).
- Fluent in English and Dutch or French