Senior Information Security Consultant
|Требования:||Perform risk assessments and security audits.|
Evaluate the efficiency, effectiveness and compliance of operation processes with corporate security policies and related security regulations.
Review or interview personnel to establish security risks and complications.
Determine the most effective way to protect organization's assets against possible attacks. Develop rigorous "best practice" recommendations to improve security on all levels.
Define, implement, ensure and maintain corporate security policies.
Create and execute awareness program.
Perform periodic security reporting (both: executive and technical).
Collaborate with departments to improve security compliance, manage risk and bolster effectiveness.
Respond to security-related incidents and provide a thorough post-event analysis.
Participate in customer information security compliance process. Identify and satisfy customer requirements related to information security.
Define and apply secure coding guidelines and standards.
Research security vendors, standards, security systems and solutions.
Prepare cost estimates and identify integration issues.
Provide technical supervision for (and guidance to) a corporate security team.
Provide subject matter expertise in information security for internal / external requests.
Manage the identity and access provisioning lifecycle.
Participate in Business Continuity / Disaster Recovery planning and exercises.
Work as a team member performing any and all functions necessary for the successful operation of the Corporate Security department.
|Квалификация:||5+ years of experience in information security.|
3+ years of managerial experience.
Certification: CISSP, CISM, CEH, CISA, ISO 27001 LA will be a significant advantage.
Critical thinking and problem-solving skills.
Planning and organizational skills.
Strong project management, written and oral communications skills.
Ability to work close with a broad range of stakeholders.
Preferably technical university degree (information or cyber security, computer science etc.).
English - upper-intermediate or higher.
Experience in developing / maintaining ISMS.
Knowledge of security frameworks / standards (e.g. ISO 27001, SOC2, NIST, HIPAA, PCI DSS, GDPR, ITIL, Cobit etc.).
Ability to conduct readiness / gap assessments, provide recommendations.
Understanding of international information security laws / regulations.
Understanding of GRC framework.
Understanding of secure coding practices, ethical hacking, threat modeling, secure SDLC process.
Understanding of DR / BCP.
Experience in defining security requirements as well as evaluating and selecting appropriate information security controls.
Understanding of IT and information security trends, challenges.
Knowledge of security vendors, systems and solutions.
Ability to deal with incomplete, poorly defined or undocumented requirements.
|Контакты:||Contact person: Khrystyna Vashchyshyn|
Contact phone: 380673711317