Global Sponsors

Últimas ofertas de empleo

Análisis y Gestión Riesgos T.I.
Buscamos Consultor de Seguridad Análisis y Gestión Riesgos T.I. con al menos 3 años de experiencia en proyectos de seguridad, orientación al cliente y compromiso con los resultados. Una persona dinámica, versátil y experimentada para desarrollar su carrera profesional en grandes clientes.  El perfil debe cumplir, tanto los requisitos de experiencia, como las competencias generales. Funciones a realizar Revisión y seguimiento de controles de seguridad implantados en el cliente de cara a auditorias de cumplimiento. Recopilación de información de seguridad de otras áreas y centros del cliente y consolidación de resultados. Soporte a la gestión y el mantenimiento de documentación (políticas, normas, etc.). Realización de informes de gestión. Soporte a la preparación de documentación divulgativa. Soporte a la generación de documentos de cumplimiento legal de seguridad. Soporte a la realización de planes de adecuación de infraestructuras de seguridad. Soporte a la planificación y coordinación de proyectos. Experiencia o altos conocimientos específicos exigidos:  Análisis, diseño e implantación de SGSI y/o Planes Directores en Seguridad de la Información. Adecuación e implantación al Esquema Nacional de Seguridad (ENS). Análisis y Gestión de Riesgos (diferentes metodologías: Magerit, ISO 31000). Adecuación y desarrollo de Marcos normativo y legal en el ámbito de las TIC, principalmente, LOPD, ENS e ISO 27000. Auditorías de cumplimiento ISO 27001 y LOPD. Amplios conocimientos sobre protección de datos. Participación en la elaboración de planes de Seguridad y Concienciación. Diseño y recopilación de estadísticas y realización de cuadros de mando.  Competencias generales - Capacidad de análisis.  - Orientación a resultados.  - Responsabilidad y autoconfianza.  - Trabajo en equipo.  - Capacidad de auto-aprendizaje.  - Proactividad e iniciativa.  Valorable: - Conocimiento de herramientas de Análisis de Riesgos (ej.: PILAR) y de GRC.  - Conocimientos de seguridad de sistemas de información (certificados electrónicos y PKI, firma electrónica, control de acceso, seguridad de aplicaciones, análisis de riesgos, ...)  - Ingles hablado y escrito. Imprescindible Titulación Técnica en: Ingeniería en Informática o Telecomunicaciones. - Se valorarán muy positivamente certificaciones de Seguridad como: CISA o Lead Auditor 27001, CGEIT, CRISC, C|CISO, PCI-DSS, CDPP, CISSP, CISM (al menos una de ellas). Por favor, si no tienes esta formación o alguna de las certificaciones indicada, no mandes tu candidatura. Lugar de trabajo: Madrid. Incorporación inmediata Salario negociable según valía.
CONSULTANT APPLICATION SECURITY
-          Descripción de la posición: Accenture is seeking Application Security Analyst/Consultants to be assigned to its office located in Madrid or Barcelona (Spain). -          Lugar de trabajo: Madrid/Barcelona. -          Conocimientos requeridos (imprescindibles): Para perfil DESIGN: o    Experience in management and definition of security in the software development lifecycle (SDLC) o    Knowledge of Waterfall and Agile development methodologies o    Experience in defining and capturing security requirements in applications o    Experience with OWASP TOP 10 / OWASP ASVS / CWE / MITRE / CAPEC / SANS 25 o    Security knowledge in Web applications and common enumerations o    Knowledge in STRIDE / DREAD / PASTA methodology o    Experience in threat detection and risk management and analysis o    Experience in defining security countermeasures and technical implementation Para perfil IMPLEMENTATION o    Hands-on experience in software development with some of the most common languages and enterprise frameworks (Java, J2EE, Spring, C++, C#, .NET…) o    Hands-on experience in web application and web services development technologies and frameworks (HTML, CSS, JavaScript, Angular, Node.JS…) o    Experience in management and definition of security in the software development lifecycle (SDLC) o    Knowledge of Waterfall and Agile development methodologies (Scrum.org Professional Scrum Developer/Master is valuable) o    Experience in defining and capturing security requirements in applications o    Experience in securing APIs and microservice architectures o    Experience in application building lifecycle (Maven, Gradle, Ant, Npm…) and automatization of CI/CD tasks in continuous release development DevOps environments (Jenkins, Ansible, Bamboo), with extensive use of change management technologies (SVN, Git…) o    Knowledge of SOA security (WS-Security, REST security)   Para perfil VALIDATION o    Experience in management and definition of security in the software development lifecycle (SDLC) o    General knowledge in at least one of the most enterprise-used programming languages as Java, C# .NET, Python, etc. o    Experience in SAST solutions such as Fortify or Checkmarx. o    Experience in SCA (Software Composition Analysis) such as Dependency-Check, SourceClear and/or WhiteSource. o    Experience in conducting security checks (static and dynamic code analysis, vulnerability analysis in applications and application penetration tests) o    Experience with OWASP Testing Guide and OWASP TOP 10 o    Knowledge of other well-known security standards of the industry: OWASP-M, SEI CERT-J, SEI CERT-C, PCI, HIPAA and ISO 27001 are valuable o    Experience in testing APIs security o    Security knowledge in web applications and common vulnerabilities o    Knowledge of SOA security o    Knowledge of security focused on mobile applications (REST, JSON, OpenID, OpenAuth, WebToken, SSO) o    Knowledge of security in micro-services and Single Page Applications is valuable In you are interested, please send your CV to  sandra.corraliza@accenture.com cristina.ayuso.perez@accenture.com
Arquitecto/a de Seguridad IT
Dentro del equipo de Seguridad de la Información, serás responsable de la definición de los requisitos de seguridad en el desarrollo de nuevos productos y servicios. Llevando a cabo el seguimiento y planificación de la implementación de los requisitos, la coordinación de los test de seguridad así como el asesoramiento al equipo de proyecto.  En nuestro equipo... Coordinarás la implementación de requisitos de seguridad en proyectos de acuerdo a los estándares y normativas corporativas. Participaras en proyectos innovadores usando entornos de tecnologías cloud y bajo metodologías agile, donde serás responsable de identificar potenciales riesgos de seguridad  Validarás desde un punto de vista de seguridad las propuestas técnicas del equipo de proyecto y acompañarás la implementación de los requisitos. Podrás proponer planes de mejora continua para la reducción del riesgo de seguridad. ¿Qué buscamos? Profesionales apasionados/as del mundo de Seguridad IT con entre 3-5 años de experiencia como Arquitectos/as de Seguridad. Titulación en Telecomunicaciones e Informática Conocer desde un punto de vista de gestión los modelos de arquitectura de seguridad basadas en cloud Conocimiento de procesos y herramientas de Integración Continua CI/CD y procesos de desarrollo de software seguro. Además de los principales frameworks y modelos de controles de seguridad (NIST, CIS, CoBIT, ISO 27001) Imprescincible nivel alto de inglés.
Cloud Security Architect
Mision The Cloud Security Architect (CSA) is responsible for designing reference cyber security architectures for hybrid cloud systems ensuring that these are adopted throughout the group. The goal of the role is to enable Santander to become a best in class and globally admired in cyber security to help protect the Group´s 200,000 staff, 144,000,000 clients and around a million systems, devices and appliances globally. Functions The CSA: Defines and ensures adoption of cloud security reference architectures and decisions across the target audience through global working groups and forums of subsidiary security architects. Defines and maintains reference cyber security architectures and makes the technological decisions that are to be adopted globally by IT/network engineers and solution engineers in the group. Has a good understanding of enterprise network and systems architectures and frameworks, and how to protect corporate networks and assets from advanced cyber threats. Integrates regulatory aspects (e.g. GDPR) into technical reasoning, being able to develop security architectures that are sound from technical, business and regulatory perspectives. The CSA is always at forefront of latest trends and technological advances in the network and infrastructure security domain, even contributing and acting as an expert in the field through the active participation in international conferences and working groups. The CSA transforms through technical leadership and the right communication skills, the target audience mind-set and attitude towards adopting the cyber security architectures and technical decisions. To this end, the CSA is able to understand business context, constraints, needs and roadmap, and reaches reference security architectures that combine the right balance between technical, business and strategy aspects.    Education    Computer Engineering, Computer Science, Telecommunications Engineering Other We are looking for candidates who meet the following requirements: 1. Higher education degree: Computer Engineering, Computer Science, Telecommunications Engineering. 2. High level of Spanish and English. 3. Deep knowledge and professional expertise in: a. Architecting both (1) Cloud Native Apps and (2) Migration of Legacy Apps to Cloud. Experience Knowledge and work experience in: Software developer  Applied cryptography and security protocols (e.g. SSL/TLS, VPN).- Communicating complex topics to a wide audience.  Infrastructure-as-Code, Software Defined Networks, automated provisioning of servers and services (DSLs like those from Terraform, Cloudify, Docker, Kubernetes), “everything-as-code”… IaaS, PaaS experience with public cloud providers (CSPs) including its related workflows and toolchains (e.g. Google App Engine, git, awscli, kubectl, etc.). Strong knowledge and practical experience applying Software Engineering patterns, Enterprise Integration patterns, etc. Eager mind-set: reading IT/SW Eng [e]books, assistance to conferences, meetups, etc.  Deep knowledge or work experience in modelling languages (e.g. UML, SOA-ML) and tools (e.g. Microsoft Visio, Visual Paradigm, Enterprise Architect, hava.io, cloudcraft.io). Languages English Advanced
Purple Team Technical
Mission Purple Team is responsible to develop and run an ongoing program of simulated cyber-attacks based on prioritised threats to Santander. The remit of the team is to provide assurance on Santander’s cyber detection and response capability and during high profile Cyber incidents to support Investigations and Incident management to aid the speedy resolution and mitigation of the cyber risk. The role will help to build a best in class and globally admired Purple Team capability to proactively protect the Group´s 200,000 staff, 120,000,000 clients and around a million systems, devices and appliances globally. Functions Test key threat scenarios against Santander’s business using adversarial attack tools, tactics and techniques. Replicate sophisticated cyber attacks to continuously test and improve the capability of Santander’s Global Security Operations Centre and Forensic response teams. Validate cyber defenses and hardening of critical systems to mitigate future cyber risk. Identify advanced malicious activity that has evaded traditional security monitoring capability. Support the global response to high profile incidents to ensure the timely completion of all cyber investigations. Develop and maintain the documentation and manuals of the different process executed in the department. Purple Team members must be able to work together regardless of they are performing attacking (red team) or defensive (blue team) activities. Requirements Education  Educated to degree level in a Computer Science / Information Technology related field. Other SANS (GPEN, GWAPT, GXPN) Offensive Security Certifications (OSCP, OSCE, OSWE) EC-Council (CEH – Certified Ethical Hacking) Competencies  Excellent inter-personal skill. Strong communication skills, both written and verbal Languages English Advanced Experience Minimum 5 + years of experience working in a technical security position, penetration testing, information security hardening technologies and techniques, cyber attack simulation programs or similar background. Strong Knowledge of information security and risk. Technical understanding of IT and Information Security solutions, processes and systems.
Business Development Representative Spain
We are currently seeking a highly motivated and energetic individual to join our Business Development team to generate qualified sales opportunities for our enterprise sales team. As part of the Business Development team, you will be working closely with the regional sales and marketing teams to generate sales accepted leads via multiple channels with a mix of inbound (lead follow-up) and outbound (prospecting) activities. As a Business Development Representative, you will be responsible for gathering intelligence and developing a deep understanding of your assigned accounts. You will then action this intelligence to connect our sales team with influencers and decision makers within the prospect accounts and across all vertical markets. You will work closely with both Account Management and Marketing to define and execute a successful account based sales strategy for the Spanish region Your day-to-day  Qualify and develop inbound and outbound sales accepted leads and respond to product inquiries Gather actionable intelligence (competition, projects, purchase intent, etc.) for the list of accounts that you will be responsible for Follow-up on all leads generated by marketing and convert initial interest into sales accepted leads Manage email campaigns to generate new sales prospects Manage cold-calling telephone-based campaigns to generate new sales prospects Complete accurate tracking of communication with current and potential customers in Salesforce.com Schedule demonstrations between Enterprise Sales team members and potential customer What You Bring To The Team Experience in a business development or inside sales experience in a large-volume enterprise account team Previous experience with solutions that can be deployed in private or public clouds a strong plus Experience working with Salesforce.com or other CRM Strong phone and interpersonal communication skills (verbal and written) as well as organisational skills Requires highly motivated individual with a competitive personality and strong attention to detail Experience working and succeeding in a goal-driven environment Excellent academic qualifications; Degree level educated ideally Fluent English language skills required

Estudios y publicaciones ISMS

ISMS Forum Spain, a través de sus iniciativas, elabora estudios que abarcan distintos aspectos relacionados con la Seguridad de la Información, con la implicación y colaboración de los profesionales de la Asociación.

ISMS FORUM MAGAZINE

La revista semestral de la Asociación Española para el fomento de la Seguridad de la Información

Colaboradores

Entidades asociadas