Head of Information Security Office

REQUIREMENTS

• 5+ years of experience in information security
• 3+ years of managerial experience
• Good understanding of cyber security, cloud security, network and application security, mobile security, security testing
• Knowledgeable of current and emerging security and information technology standards and practices
• Design, developing, deployment, and audit experience of firewalls, intrusion detection / prevention systems, virtual private networks, network segmentation and isolation, security incident and event management, endpoint detection and response, data loss detection / prevention, vulnerability scanners, database security, encryption, endpoint protection, mobile device management and Wi-Fi security; identity and access management / role based access control
• Provide quality assurance and control over security technologies
• Hands on experience with network, system security architecture and technical audits, system hardening
• Hands on experience on security architecture design and implementation for large organization
• Understanding of professional and managed security services. Experience with presale / post sale activities, system integration
• Security Operation Center maturity assessment. Security tools tuning and optimization
• Service management
• Experience with simultaneous ISO 27001, SOC2, PCI DSS, HIPAA and customer requirements compliance. Requirements mapping
• Practical deployment of OWASP, NIST, SANS best practices
• BCP / DR implementation and review
• Maintain secure software development life cycle
• Strong project/program management and facilitation skills
• Experience on security policy, standards and procedures development

PERSONAL CHARACTERISTICS

• Collaborative, customer-focused and able to create visible value
• Analytical mind set
• Initiative and proactive
• Responsible and reliable
• Well-organized
• Self-motivated

RESPONSIBILITIES

• Develop and maintain short- and long-term corporate information security plans / projects aligned with business objectives
• Establish and maintain strong relationships with both senior and operating level business leaders to ensure alignment to customer and business needs while prioritizing key initiatives
  Plan, coordinate corporate information security department activities
• Actively manage objectives, identify potential gaps, and develop improvement plans
• Effectively inform stakeholders about the status of the information security posture
• Coordinate the development and review of information security policies, standards and procedures
• Acquire a complete understanding of a company’s technology and information systems
• Keep abreast of new technology and recommendations for the company
• Plan, research and design robust network and system security architecture
• Enforce systems development, deployment and operation according to information security policies
• Responsible for risk, identity, incident management; compliance and audits, security architecture, secure software development life cycle, security operations center etc
• Anticipate new information security threats and stay-up-to-date with evolving infrastructures
• Develop strategies to handle information security incidents and coordinate investigative activities
• Prepare financial forecasts for information security operations
• Prioritize and allocate information security resources correctly and efficiently
• Provide leadership, training and technical advice to corporate information security team. Identify and address training and career development needs
• Responsible for department and individual performance assessments and improvement plans
• Serve as the lead information security technical liaison between customer staffs and other supporting entities
• Coordinate the development and delivery of an education and training program on information security and privacy matters for stakeholders
• Review, approve and recommend changes to the existing and proposed systems, as needed, to address gaps in the existing information security posture
• Review firewall, switch, router, server, workstation and virtual environment configurations
• Work with stakeholders to produce / maintain comprehensive documentation on network architecture, deployed systems and applications

WHAT WILL YOU GET WITH ELEKS

• Close cooperation with a customer
• Challenging tasks
• Competence development
• Team of professionals
• Dynamic environment with a low level of bureaucracy

ABOUT ELEKS