Position
Senior Application Security & Controls Specialist (DORA Programme) - Banking Client - Brussels / Paris
Contract & Working Arrangements
Duration: 1 year contract. Hybrid working - 8 days onsite per month in the Paris or Brussels office, the rest remote.
Overview
We are looking for an experienced and dynamic Senior Security Analyst to support DORA transformation through the design, implementation and embedding of new transversal security controls across the organization.
Responsibilities
- Embed & operationalise new security controls by working with IT, Engineering, Architecture and CISO teams to integrate them into existing processes, tools and platforms.
- Support teams in understanding threats, risks and compliance expectations related to software supply chain, cryptography and application security.
- Identify gaps between current capabilities and new DORA requirements and provide actionable remediation recommendations.
- Contribute to the rollout, adoption and continuous improvement of newly introduced security controls.
- Perform targeted security assessments on applications, processes and technical components to evaluate compliance with the new security controls.
- Map system architectures, technology stacks and data flows to validate control applicability.
- Provide expert-level advice on secure implementation across different environments (on-prem, mainframe, cloud).
- Collaborate closely with architects, engineers, developers, risk teams and control owners to support remediation plans and technical decisions.
Qualifications
- 5-10 years of hands-on experience designing or implementing information security controls, frameworks or processes.
- Proven experience in security risk assessment, application security or security governance.
- Strong expertise in at least several of the following areas: Software Supply Chain Security, SBOM management, Code integrity and build pipeline security, SAST/DAST/code analysis/ASPM, Data classification, Database encryption & key management, Cryptography governance & implementation.
- Solid knowledge of cybersecurity frameworks (ISO 27001, CIS, NIST, DORA).
- Good understanding of financial sector IT security regulatory requirements, especially DORA, ESMA and outsourcing regulation (a plus).
- Fluency in English.
- Certifications such as CISSP, CSSLP, CCSP, CISM, CISMP, GCIH, CEH are an advantage.
Soft Skills
- Strong communication and coordination skills; ability to engage effectively with stakeholders across diverse teams (Supply Chain, CISO, IT, etc.).
- Proactive, self-motivated and comfortable working in a dynamic, continuously evolving environment.
- Strong analytical capabilities combined with creative problem-solving skills.
- Structured and able to synthesise information, delivering clear, concise and relevant responses to requests.
- Calm, organized and efficient under pressure, maintaining clarity even in uncertain situations.
- Collaborative mindset; able to work effectively with executives, business leaders and technical teams.
- Autonomous and well organized, with strong prioritisation and time-management abilities.