About us: The Digital & Data department of Íslandsbanki is a collaborative group of software development professionals who work together following best practices and processes to deliver high-quality software solutions and capabilities. We believe in agile methodologies and cross-team synergy in product ideation and delivery We reach our development goals by encouraging team autonomy, employing a modern technology stack and automated processes, deployment pipelines, testing, and quality gates  As a Security Specialist, you will take ownership of security assessments, risk management, and process implementation in compliance with key regulations, including DORA, PSD2, and ISO27001. You will work closely with cross-functional teams to embed security practices in the development lifecycle, ensure an effective response to security incidents, and drive continuous improvement across the bank’s cybersecurity strategy.This is a high-impact role for a proactive, detail-oriented security professional with strong technical depth, a collaborative mindset, and the ability to manage multiple complex projects in a fast-paced environment. Responsibilities: Security Testing: Perform static (SAST), dynamic (DAST), interactive (IAST), and mobile application security testing (Android and iOS). Work with teams to implement fixes and improve security posture. Secure Code Review: Review code for security flaws and ensure alignment with coding standards and best practices. Integrate security into the software development lifecycle. Security Training: Lead security training initiatives for developers, QA teams, and other stakeholders to foster a culture of security awareness. Vulnerability Identification and Remediation: Regularly assess IT systems for security vulnerabilities. Collaborate with development teams to remediate identified risks through secure coding practices, dynamic testing, and other mitigation techniques. Compliance Management: Ensure that security processes align with regulatory frameworks (DORA, PSD2, ISO27001) and conduct regular audits and assessments to maintain compliance. Threat Modelling: Analyse applications and systems to identify potential threats and attack vectors. Develop and maintain threat models to prioritize security efforts. Incident Response: Participate in incident response activities by investigating, containing, and mitigating security breaches, working closely with response teams. Cross-Team Collaboration: Support cross-organizational efforts to develop security standards and processes. Work with stakeholders to promote secure development practices across the organization. Process Improvement: Continuously refine security assessment and risk management processes to improve efficiency and effectiveness. Stakeholder Communication: Build positive working relationships with stakeholders and leadership, providing clear insights and guidance on security matters.  Qualifications: Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent experience. 4+ years of experience in cybersecurity, application security, or a related field. Proven experience working with cross-functional or cross-team security projects. Familiarity with regulatory standards and frameworks such as DORA, PSD2, and ISO27001. Strong analytical and problem-solving skills, with the ability to think creatively and drive security improvements in a dynamic environment. Ability to collaborate effectively with technical and non-technical teams, with strong communication and influencing skills. Relevant application security certifications are highly desirable. Experience with cloud computing, networking, cloud application design, and development processes. Proficiency in program management and the ability to handle multiple projects simultaneously. Understanding of modern AppSec, DevSecOps and SecOps practices. Self-motivated and able to work independently with limited supervision.