Application Security Lead

at  Essity

DO YOU WANT TO MAKE A DIFFERENCE IN A DYNAMIC ORGANIZATION WHERE YOU GET TO BUILD RELATIONSHIPS WITH PEOPLE FROM ALL OVER THE WORLD? ARE YOU PASSIONATE ABOUT COLLABORATING WITH IT TEAMS TO ENHANCE APPLICATION SECURITY AND EAGER TO CONTRIBUTE TO THE SECURE SOFTWARE DEVELOPMENT LIFECYCLE AT ESSITY? IF YES, THEN THIS MIGHT BE AN OPPORTUNITY JUST FOR YOU!

Essity – a leading global hygiene and health company and the home of brands like Libero, TENA, Libresse, Tork, Sorbact and JOBST is offering an exciting and challenging opportunity for you who want to contribute with your expertise, energy and creativity. We are looking for an additional colleague to join us as an Application Security Lead within our Global IT Organization.

EDUCATION

• Higher education (at least a bachelor’s degree) in computer science, Information Technology, or a related field.
• Professional security certifications such as CISSP or CISA are meritorious.

WORK EXPERIENCE

• Several years of working experience in the areas of software engineering, application security, and ethical hacking.

FUNCTIONAL SKILLS

• Deep understanding of application security related frameworks and maturity models.
• Advanced level of understanding the OWASP top 10 vulnerabilities.
• Experience with DevSecOps practices and AppSec tools (e.g., SAST, SCA, DAST).
• Experience of conducting threat modeling.
• Knowledge of programming languages.
• Risk Management.
• Skills in several IT security areas
• Good knowledge in regulatory compliance

LEADERSHIP SKILLS

• Ability to explain complex security concepts in simple terms.
• Quality oriented with high documentation and presentation skills.
• Ability to motivate Essity employees to maintain a security conscious behavior.

ABOUT THE ROLE

The Application Security Lead guides and support IT Teams in the design and implementation of a Secure Software Development Lifecycle. The role has also a broad responsibility to cover tasks in all parts of the Essity Information Security Management Process (ISMP). Each Information Security team member’s responsibility is defined annually and is assigned based on Essity’s current risk exposure as well as the team member’s competences and individual development goals. The job reports to Director Information Security (CISO).

WHAT YOU WILL DO

• Manage Essity’s application security programs.
• Closely collaborate with multiple development and delivery teams of various software product.
• Continuous drive threat intelligence and technology watch in selected area.
• Being a trusted security advisor and provide security guidance to Essity colleagues.
• Take decisions based on information security standard and instructions.
• Annually plan and set priorities for security services and programs within own responsibility.
• Assess the need for security documents, develop and maintain information security standard.
• Coordinate more advanced security programs, related to application security.
• Evolve Essity’s information security capabilities consistent with the risk portfolio.
• Manage established security services.
• Participate in internal and external audits.
• Monitor compliance towards Essity security standards. Follow up on remediating activities.
• Compile reports to IT Management providing assurance that InfoSec is being adequately addressed.