Business Director - Information Security and IT Risk (recruitment)
Sumitomo Mitsui Finance Dublin Limited (SMFD) is a wholly owned subsidiary of SMBC and is growing rapidly as a Centre of Excellence for the bank's universal banking business across EMEA. It provides a range of technology and operational support services, aligned to SMBC's growth, innovation, and transformation strategies.
What you'll do:
* Automated Security Pipelines - Design and implement enterprise-grade security assessment pipelines integrating SAST, DAST, IAST, and SCA tools into CI/CD workflows.
* Infrastructure as Code Security - Integrate security testing into IaC workflows (Terraform, CloudFormation), ensuring security by design in automated deployments.
* Hybrid Environment Coverage - Support cloud-native (Azure, GCP) and on-prem infrastructure with tailored assessment strategies.
* Ephemeral & Traditional Infrastructure - Implement pre-deployment validation for immutable resources and architect scanning solutions for long-lived assets using network and agent-based tools.
* Policy-as-Code Governance - Establish frameworks for automated enforcement of security baselines and compliance requirements.
* Shift-Left Security - Collaborate with DevOps and platform teams to embed security early in the software delivery process.
* Tooling & Innovation - Continuously evaluate emerging security tools and techniques, ensuring alignment with evolving threats and technologies.
* Security Architecture Guidance - Provide governance, secure design patterns, and best practices for security automation.
What you'll bring:
* Strong knowledge of CI/CD security integrations and DevSecOps principles.
* Proficiency in security assessment tools (SAST, DAST, IAST, SCA) and pipeline automation.
* Expertise in CI/CD security, DevSecOps, and automation of security assessments (SAST, DAST, IAST, SCA).
* Hands-on with Infrastructure as Code security (Terraform, CloudFormation) and Policy-as-Code (Azure Policy, OPA).
* Experience securing hybrid/multi-cloud (Azure, GCP) and on-prem environments.
* Strong knowledge of security frameworks (NIST CSF, ISO 27001/2, CIS) and secure design principles.
* Skilled in threat modelling, Zero Trust, Least Privilege, and Network Segmentation.
* Familiar with SSDLC, governance, risk, compliance, and secure coding practices.
* Understanding of architectural patterns (Multi-Tier, Microservices, Event-Driven) and frameworks (TOGAF, SABSA).
* Have the right to work in Ireland and happy to work on site in Dublin (hybrid working model).
All third-party applications will be managed by Robert Walters.
Robert Walters Operations Limited is an employment business and employment agency and welcomes applications from all candidates
#J-18808-Ljbffr