Vacancy expired!
- Understand existing Information Security Policy and Standards that are in place
- Ensure information security policy, standards, processes, and procedures are implemented and managed properly
- Manage and perform delegated Information Security Projects, major activities, and requirements
- Identify, understand, and implement all information security requirements to ensure the required compliance established by local laws and regulations, e.g. NIST requirements
- Concentrate on the protection of business processes, applications, and IT systems
- Protect sensitive information from disclosure to unauthorized individuals
- Ensure that new information systems and solutions are developed securely
- Manage Information Security issues, ensuring they are solved or, if not possible, escalated to the RISO/CISO
- Evaluate information received from the monitoring and reviewing of Information Security incidents, and recommend and take proactive and appropriate actions in response to identified Information Security incidents
- Audit current systems, procedures, and make recommendations for changes / improvements
- Lead the Information Security Response Team when a major information security incident occurs:
  - Follow the established Security Incident Response Plan
  - Coordination of security incidents, prevention, and mitigation
  - Conducting forensic investigations and data collection for security incidents that require them
  - Being the contact point regarding incident management and IT incident investigations
  - Overall monitoring and supervision of security incident management
  - Determine incident urgency level for high and extreme security incidents
  - Requesting and activating a task force
  - Communicative conduit for all elements of the ISIRT
  - Authority over allocation of resources and makeup of the ISIRT
  - Authority to include additional optional members to the ISIRT
- Organize and conduct tests ("ethical hacks") of the existing security solutions and support the IT organization in understanding and mitigating/solving identified vulnerabilities
- Track and trace the vulnerabilities mitigation/resolution
- Keep technical knowledge current through continuing education
- Develop and execute a plan to build an Information Security culture
- Respond to customer questionnaires, surveys, audits, and meetings
- Support and provide advanced security consulting and architecture (includes data protection and business continuity requirements)
- Conduct vulnerability assessments to find weaknesses, analyze the effectiveness of existing controls, and suggest remedial action
- Lead Information Security Concept implementation supporting other IT areas
- Conduct risk management and security concepts
- Conduct information security vendor assessments
- Participate in information security simulations
- Support vendor management from Information Security perspective
- Report residual risk, security exposures, vulnerabilities, noncompliance, and maltreatment of information assets to IT security management
- Manage Information Security agenda
- Ensure security controls are executed according to Information Security Target Model
- Participate actively in development of security policies, principles, architecture, and standards
- Business Partner
  - Create strong relationships with the regional / global IT community to ensure maximum leverage of resources / solutions to support local requirements
  - Support the Product Team by providing assistance in Information Security
  - Build strong working relationships with regional and country counterparts. Maintain close communication with stakeholders, incl. Product, Service Level Management, Telecoms, and vendors, to ensure proper service provisioning and delivery into production
  - Report on SLA KPIs and performance of Information Security to stakeholders
- Understand existing IT Process/Services
- Minimum 3-5 years of experience in Information Security
- General experience at Servers, Network, Applications, End User Infrastructure level
- Strong understanding of OWASP Application Security Verification Standards
- Strong understanding of information risk and Information Security concepts (e.g. threats and vulnerabilities, the security controls required to reduce information risks)
- University bachelor's degree in a business discipline or relevant education and work experience, preferably in Computer Sciences or Cybersecurity
- CISSP, CISA, CISM, ITIL, and other IT related certifications
- Fluent in English (verbal and written) / Spanish not mandatory but desired
- Strong analytical, problem-solving, and communication skills
- Excellent service and project management skills with the ability to influence and negotiate