Job Description

You may apply to Tietoevry by selecting Apply and fill your application details to the form. You may also Apply by using LinkedIn and populate details to your application from your LinkedIn profile.Form Of Employment: Permanent, full time. Possibility for hybrid working.Organization: Tietoevry Care, LaboratoryLocation: PuneSupervisory organization: Care LaboratoryHiring Manager: Vikram DeshpandeTietoevry Care leads the digitization of Nordic Health- and social care.Healthcare and Welfare is undergoing a digital transformation, where huge investments are being made throughout the entire care chain. Tietoevry Care is an important supplier to this digitization, by creating efficient and secure solutions with a focus on safer care.Our solutions include electronic records, Clinical specialist systems, Welfare systems for Elderly and Family care and advanced Data analysis. We also offer services and solutions in archiving, business consulting, integration as well as application development and support.Sweden, Finland and Norway are our three main markets and with over 1,500 colleagues within Tietoevry Care, we have a unique position and capacity within the health and welfare sector across the Nordic region. We also have colleagues in Poland and India, which makes us a global company with great opportunities for learning.Do you want to work with modern technology for the next generation of offering to our industry and society? As a Security Specialist in Tietoevry Care, Laboratory you will take part in an exciting journey developing the product portfolio of tomorrow. Our company is growing, and now we are looking for great people to join us!We are seeking individuals that will work passionately to ensure that relevant and best-practices, security standards are implemented thus reducing risk exposure of products and services. You will be a key stakeholder in ensuring security preparedness for software products and services.Your key focus :

• You will be the single point of contact for the Security strategy for the entire unit.

• Drive the technical and practical implementation of security practices for the unit.
• Working and maintaining the security improvement backlog etc.
• Work with security leads of team and coach them to improve security posture of each product / discipline.
• Evaluate and improve security operations processes and procedures for efficiency and effectiveness.
• Responsible for supporting, guiding, and reviewing security descriptions of products and services.
• Responsible for monitoring and follow-up security incidents and security risks. Run regular retrospective sessions identifying patterns and vulnerabilities.

• Implement and maintain security processes and procedures. Create and support security documentation.
• Participate in preparation and conduction of external audit activities (ISO, ISAE and other).
• Drive internal security audits/assessments like ISO 27001-2022.
• Integrate security tools in CI to improve code quality and ShiftLeft to find issues early.
• Exposure to mobile application security is added advantage.
• Exposure to implement and review Cloud security.
• You are up to date on the development of security standards and threats.
• You are aware about the following frameworks :

• OWASP
• NIST Cybersecurity Framework (CSF)
• MITRE ATT&CK Framework

• Hands on experience on Tools

• At SAST e.g., SonarQube and similar
• SCA e.g., OWASP Dependency check , track and similar
• DAST e.g., OWASP ZAP , burp suite and similar.

• Awareness about GDPR
• Good to have Certifications like : CISSP , CISM , CCSP , ISO 27001:2022 etc.

We expect you to have:

• Higher education in relevant technology area
• 12-14 years of total IT experience
• 3+ years of experience in relevant work with information security
• Good problem solving and analytical skills and attention to detail
• Good oral and written communication skills (English)

As a person you are

• always eager to learn more and enjoy sharing and increasing your knowledge while working with others.
• highly engaged and interested in security related matters.
• a result driven individual who can work together with others as well as independently as needed, with the ability to work under pressure.

What we offer:We offer you an exciting and challenging role in a prominent organization within the municipal market industry. You will get opportunities for professional growth in a team-oriented organization. You will cooperate with colleagues in an international and evolving working environment and get the opportunity to develop your professional skills together with others. You will get the opportunity to drive and shape our work related to security.

Tietoevry