Application Security & Controls Specialist (DORA Programme)

Senior Application Security & Controls Specialist (DORA Programme) – Banking Client – Brussels / Paris

Duration: 1 year contract

Rate: Flexible

Hybrid Working – 8 days onsite per month in the Paris or Brussels office, the rest is remote working

About the Role:

We are looking for an experienced and dynamic Senior Security Analyst to support DORA transformation through the design, implementation, and embedding of new transversal security controls across the organization.

In this role, you will contribute to the definition, rollout, and continuous improvement of security capabilities in domains such as software supply chain security, SBOM management, security code review, data classification, database encryption, cryptography policy implementation, and code integrity management.

To achieve this, you will work closely with multi‑functional teams across the organization and will be exposed to a diversified set of topics, business areas, and technologies.

Your responsibilities:

• Embedding & Operationalisation of new security controls
• Work with IT, Engineering, Architecture, and CISO teams to integrate new controls into existing processes, tools, and platforms.
• Support teams in understanding threats, risks, and compliance expectations related to software supply chain, cryptography, and application security.
• Identify gaps between current capabilities and new DORA requirements and provide clear, actionable remediation recommendations.
• Contribute to the rollout, adoption, and continuous improvement of newly introduced security controls.

• Security Advisory
• Perform targeted security assessments on applications, processes, and technical components to evaluate compliance with the new security controls.
• Map system architectures, technology stacks, and data flows to validate control applicability.
• Provide expert‑level advisory on secure implementation across different environments (on‑prem, mainframe, cloud).
• Collaborate closely with architects, engineers, developers, risk teams, and control owners to support remediation plans and technical decisions.

Experience

• 5-10 years of hands-on experience in designing or implementing information security controls, frameworks, or processes.
• Proven experience in security risk assessment, application security, or security governance.
• Strong expertise in at least several of the following areas:
• Software Supply Chain Security
• SBOM management
• Code integrity and build pipeline security
• SAST / DAST / code analysis / ASPM (Application Security Posture Management)
• Data classification
• Database encryption & key management
• Cryptography governance & implementation
• Solid knowledge of cybersecurity frameworks (ISO 27001, CIS, NIST, DORA)
• Good understanding of financial‑sector IT security regulatory requirements, especially DORA, ESMA, and outsourcing regulation is a plus.
• Fluency in English.
• Certification such as CISSP, CSSLP, CCSP, CISM, CISMP, GCIH, CEH, etc. is an advantage.
• Strong communication and coordination skills, with the ability to engage effectively with stakeholders across diverse teams (Supply Chain, CISO, IT, etc.).
• Proactive and self‑motivated, comfortable working in a dynamic and continuously evolving environment.
• Strong analytical capabilities combined with creative problem‑solving skills.
• Structured and synthetic, able to deliver clear, concise, and relevant responses to requests.
• Calm, organized, and efficient under pressure, maintaining clarity even in situations of uncertainty.
• Collaborative mindset, able to work effectively with executives, business leaders, and technical teams.
• Autonomous and well‑organized, with strong prioritization and time‑management abilities.

Soft Skills

• Strong communication and coordination skills, with the ability to engage effectively with stakeholders across diverse teams (Supply Chain, CISO, IT, etc.).
• Proactive and self‑motivated, comfortable working in a dynamic and continuously evolving environment.
• Strong analytical capabilities combined with creative problem‑solving skills.
• Structured and synthetic, able to deliver clear, concise, and relevant responses to requests.
• Calm, organized, and efficient under pressure, maintaining clarity even in situations of uncertainty.
• Collaborative mindset, able to work effectively with executives, business leaders, and technical teams.
• Autonomous and well‑organized, with strong prioritization and time‑management abilities.

Please do send an up to date CV to eobiechefu@welovesalt.com

*Rates depend on experience and client requirements