JOIN OUR TEAM
At Levi Nine we are passionate about what we do. We love our work and together in a team we are smarter and stronger. We work in a dynamic and challenging environment with talented and forward-thinking people who are part of creative and innovative teams. We are looking for skilled team players who make change happen. Are you one of these players?
OUR PARTNER:
Our partner, ABN AMRO Clearing, is a global leader in the domain of clearing, offering access to a wide range of listed instruments on markets across the globe.
IT is at the heart of their organization with more than 30 different product teams and 10 different platform teams that are trying to build the best products & services for their customers.
Their presence in important financial centers like Amsterdam, Chicago, Sydney, Singapore, Tokyo Hong Kong, London, Sao Paulo, Frankfurt and Iasi, allows them to effectively serve clients worldwide and maintain close proximity to their diverse customer base.
THE ROLE INVOLVES:
Our partner's Global Security Function consists of five specialized teams with approximately 50 security professionals, working together to protect their business, clients and platforms. The Security Assurance team is responsible for ensuring that their technology landscape meets the highest security and regulatory standards.
The Information Security Assurance Specialist performs security assessments across applications, platforms, infrastructure and cloud environments.
The role focuses on threat modelling, threat led assurance, self-attestation validation, cloud security risk assessment, change driven security review, and risk and control determination.
Broad technical expertise is required across a diverse IT landscape, including on premise environments, SaaS solutions, AWS, IBM technologies, databases, middleware, APIs and container platforms.
You will work closely with global stakeholders, product teams and engineering groups to identify security risks early, communicate findings clearly and provide actionable, risk-based recommendations.
Strong communication skills, analytical capability and stakeholder management experience are essential for success in this role.
This position plays a key part in enhancing the organization's security posture and ensuring alignment with internal policies, regulatory expectations and global security standards.
Responsibilities:
Plan, organize and execute the security reviews for applications, platforms and infrastructure.
Validate guardrail/self-attestation assessments for accuracy and control effectiveness.
Assess security controls across on prem, hybrid and cloud environments.
Review SOC 2, ISO 27001, penetration testing reports and vendor security documentation.
Produce high quality assurance reports with clear risk ratings and actionable recommendations.
Track and validate remediation and mitigation activities through closure.
Facilitate structured threat modelling sessions following internal practices.
Integrate threat intelligence into all assurance activities.
Translate threat model outputs into security requirements and control recommendations.
Conduct security risk assessments for major changes and infrastructure transformations.
Support application owners and their developers with self-attestation. Influence decisions by presenting risk-based recommendations.
Give security advice, including how to solve security issues.
Translate complex technical risks into business aligned language.
Contribute towards security awareness to enhance organization risk culture.
Obtain and maintain security knowledge & certifications.
TECHNICAL PLAYGROUND:
8+ years of experience as a Security Specialist.
CISSP certification.
Extensive experience with all aspects of application security and the capacity to perform a security assessment of applications and IT infrastructure.
Experience with facilitating threat modeling, STRIDE and/or MITRE attack.
Cloud security knowledge for SaaS and AWS.
Experience with reviewing SOC2 assurance reports, ISO certification and penetration testing report.
Experience with Information Security documentation, report writing, reviewing and consulting.
Technical knowledge & background - the role is about IT security and less about information security.
The ability to use relevant threat intelligence as input for all security risk assessments.
Experience with senior stakeholder management.
NICE TO HAVE:
Experience with IriusRisk.
Development life-cycle knowledge, e.g. secure SDLC and security by design.
Interviewing skills.
Other Information Security professional qualifications such as CCSP, CEH, CISA, CISM.
Background or understanding of financial services, clearing, and risk management.
Relevant university degree in Computer Science, Engineering, or a related field.
SOFT SKILLS:
Fluent English, with excellent written and verbal communication skills.
Flexible and adaptive working attitude - self-motivated and taking ownership.
Strong interpersonal and assertive communication skills, great team member.
Problem solving and troubleshooting skills.
Desire to continuously learn about security and improve in a complex, rapidly evolving environment.
