Security Specialist

About us:

The Digital & Data department of Íslandsbanki is a collaborative group of software development professionals who work together following best practices and processes to deliver high-quality software solutions and capabilities.

• We believe in agile methodologies and cross-team synergy in product ideation and delivery

• We reach our development goals by encouraging team autonomy, employing a modern technology stack and automated processes, deployment pipelines, testing, and quality gates

As a Security Specialist, you will take ownership of security assessments, risk management, and process implementation in compliance with key regulations, including DORA, PSD2, and ISO27001. You will work closely with cross-functional teams to embed security practices in the development lifecycle, ensure an effective response to security incidents, and drive continuous improvement across the bank’s cybersecurity strategy.

This is a high-impact role for a proactive, detail-oriented security professional with strong technical depth, a collaborative mindset, and the ability to manage multiple complex projects in a fast-paced environment.

Responsibilities:

• Security Testing: Perform static (SAST), dynamic (DAST), interactive (IAST), and mobile application security testing (Android and iOS). Work with teams to implement fixes and improve security posture.

• Secure Code Review: Review code for security flaws and ensure alignment with coding standards and best practices. Integrate security into the software development lifecycle.

• Security Training: Lead security training initiatives for developers, QA teams, and other stakeholders to foster a culture of security awareness.

• Vulnerability Identification and Remediation: Regularly assess IT systems for security vulnerabilities. Collaborate with development teams to remediate identified risks through secure coding practices, dynamic testing, and other mitigation techniques.

• Compliance Management: Ensure that security processes align with regulatory frameworks (DORA, PSD2, ISO27001) and conduct regular audits and assessments to maintain compliance.

• Threat Modelling: Analyse applications and systems to identify potential threats and attack vectors. Develop and maintain threat models to prioritize security efforts.

• Incident Response: Participate in incident response activities by investigating, containing, and mitigating security breaches, working closely with response teams.

• Cross-Team Collaboration: Support cross-organizational efforts to develop security standards and processes. Work with stakeholders to promote secure development practices across the organization.

• Process Improvement: Continuously refine security assessment and risk management processes to improve efficiency and effectiveness.

• Stakeholder Communication: Build positive working relationships with stakeholders and leadership, providing clear insights and guidance on security matters.

Qualifications:

• Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent experience.

• 4+ years of experience in cybersecurity, application security, or a related field.

• Proven experience working with cross-functional or cross-team security projects.

• Familiarity with regulatory standards and frameworks such as DORA, PSD2, and ISO27001.

• Strong analytical and problem-solving skills, with the ability to think creatively and drive security improvements in a dynamic environment.

• Ability to collaborate effectively with technical and non-technical teams, with strong communication and influencing skills.

• Relevant application security certifications are highly desirable.

• Experience with cloud computing, networking, cloud application design, and development processes.

• Proficiency in program management and the ability to handle multiple projects simultaneously.

• Understanding of modern AppSec, DevSecOps and SecOps practices.

• Self-motivated and able to work independently with limited supervision.