Head of Information Security

Date: July 13
Qualifications:
Participate in product development as a key stakeholder responsible for security requirements and management
Develop, implement and maintain security regulations (policies and standards) according to established security framework (e.g. CIS Controls v8, CSA Cloud Controls, ISO 27001, SOC2, etc.)
Cooperate with delivery team to implement security regulations and procedures
Conduct security risk assessments and compliance checks to identify the effectiveness of controls and the derived risk status within the Company
Threat modeling
Analyze and evaluate risks of security-relevant changes, identify vulnerabilities / security risks, and draw up proposals for improvements and/or initiate countermeasures
Research, evaluate and recommend evolving Information & Cyber Security technologies
Foster a culture that promotes Information & Cyber Security within the Company and act as a bridge builder in areas of conflict
Maintain relationships with key partners within the business units
Building security awareness and partnership with the management team
Monitoring of software updates to the latest versions
Regular penetration and vulnerability tests, including those involving external contractors
Data leak prevention implementation
Incident handling process implementation
Tasks:
Develop a plan and launch the implementation of an information security system based, for example, on the selected Security Framework (CIS Controls v8, CSA Cloud Controls or SOC2):

Launch plan developed and approved
The company's key risks assessed
Risk treatment plan developed and agreed upon
Develop and launch an employee safety rule training process, establish a mechanism for monitoring their knowledge on the subject:

Training program developed and agreed upon
Webinars covering all necessary security domains based on risk assessment results
Ensure the implementation of a quality Access Management process and technical solution for all employees of the company:

Access Management platform launched
Implementation of MDM management system (+EDR part) together with IT team:

MDM management system (+EDR part) launched
Implementation of Security information and event management / Monitoring system & Incident Handling Process:

Monitoring system & Incident Handling Process launched