work from home
Job title: Senior advisor in Security Governance - SME Cryptography
Expertise: Governance and security architecture, cryptography operations, payment solutions & services.
Important: A good combination of the following areas of expertise is sought:
Expertise in Security Governance, applied to cryptography.
Expertise in Security Architecture, applied to cryptography.
Expertise concerning Operational Security activities, applied to cryptography operation management.
Expertise concerning the processes, procedures, roles and responsibilities (RACI), applied to the cryptography management.
Expertise concerning good practices, norms, standards and conformities, applied to cryptography and cryptography for payment solutions and systems.
Technical expertise in cryptography, applied to payment industry/electronic payment solutions and systems in the banking and infrastructure (HSM, PKI/CA, KMS, Vault, crypto-cards, Central, etc.).
Expertise regarding physical security and data center requirements, applied to cryptography.
Expertise concerning cryptography services (ie: service catalog), processing requests and the one-stop shop for processing cryptography requests services.
Very good knowledge of French and English with excellent writing skills.
Very good knowledge of the Agile method with an excellent ability to deliver MVP in Sprints mode.
Available to work in the UTC-05:00 time zone between 8:00 a.m. and 5:00 p.m.
You actively contribute to operational security governance activities related to cryptography and cryptography management (ie: for payment, electronic banking, tokenization, data encryption, audit preparation, etc.) in the security governance team.
You will have an advisory and support role with dedicated customers and partners, in the context of various important development mandates, to carry out interventions in connection with operational security team for the management of cryptography operation, the integration of application with cryptography services, and for resolution of major technological security events.
You will have to interact with various stakeholders working in complementary areas of expertise, related to technology and security; mastering interpersonal skills (soft skills) is essential.
1. Respond to requests for cryptography security governance and/or architecture.
2. Respond to requests for integration of cryptography in business applications services.
3. Respond to cryptography requests for payment solutions.
4. Respond to cryptography requests from internal audit.
5. Write standard about cryptographic security requirements.
6. Contribute to other related requests with the crypto team.
Bachelor's or Master's degree in an appropriate discipline with a minimum of 8 years of relevant experience (or a DEC with a combination of training and years of relevant experience could be considered).
1. Very good technical knowledge in cryptography (eg: key type, protocols, algorithms, hash functions, tokenization, BYOK/HYOK, NIST, FIPS 140-2, etc.).
2. Very good knowledge of payment systems and PCI DSS, PCI PIN, SWIFT, etc.
3. Very good knowledge of processes & procedures related to payment associations (eg Visa, MasterCard, Interac, etc.).
4. Very good knowledge of key management and encryption methods, and their integration into business applications.
5. Very good knowledge and understanding of encryption methods (data at rest and in transit), their use and the management of symmetric keys.
6. Very good knowledge of HSM (Hardware Security Module) and security vaults (KMS, HashiCorp Vault, etc.).
7. Very good knowledge of PKI, CA, management of TLS/SSL certificates and digital signature.
8. Very good knowledge of cryptography roles & responsibility, and processes.
9. Very good knowledge of NIST and cryptography standards (SP 800-57 rev4, SP 800-63-3, SP 800-63A, SP 800-63B, SP 800-63C, RFC-3647, etc.).
10. Very good knowledge of DevOps, CI/CD automation tools (eg: Kubernetes, Ansible, HashiCorp, Jenkins, GitHub, etc.) and Cloud Services.