Information Security Officer
- Ukraine | Dnipro, Lviv, Mykolaiv
- Full Time
- Regular risk auditing and monitoring of systems.
- Compliance implementation, testing and reporting.
- Designing and testing of new IT solutions.
- Provision of business support at a high level and to a range of key stakeholders in relation to ongoing security improvements.
- Crisis management where required.
- Project management and project architecture.
- Review and analysis of delivered projects.
- Identify weaknesses and potential threats to existing information security toolsets.
- Perform continual testing on current systems to determine potential problems or security threats.
- Prepare reports for internal and external clients detailing the security issues, making recommendations and identifying solutions.
- Conduct cloud security reviews and network security assessments.
- Provide advice on hacking tools and techniques including advanced malware detection.
- Formulate an IT security incident response strategy and implement a method of notifying parties.
- Keep up to date with the latest thinking on secure coding and cyber-security issues.
- Support the business with a range of compliance requirements.
The candidate needs to have:
- Network administration skills to test internal systems such as firewalls and IPS/IDS devices to ensure networks are safe.
- Standards related to implementing a risk management framework including COBIT, ITIL, ISO 27001/2 and NIST.
- Common knowledge of programming languages including C, C++, C#, Java, SQL, Python, etc.
- Windows, UNIX and Linux operating systems.
- Encryption technologies, ethical hacking and penetration testing.
- Compliance skills in relation to key legislation and standards such as the Health Insurance Portability & Accountability Act (HIPAA), the Sarbanes-Oxley (SOX) Act of 2002, Payment Card Industry (PCI), the National Institute of Standards and Technology (NIST) and the Gramm-Leach-Bliley Act (GLBA), and compliance assessments.
- Ability to manage the Internet protocol suite, which is the computer networking model and set of communications protocols used on the Internet, including TCP and IP.
Softer skills include:
- Ability to work as part of a team but also independently and on own initiative.
- Flexible approach to tasks that may change daily.
- Analytical ability to break down problems into constituent parts.
- Solid communication skills and expertise to translate technical jargon into business-familiar language.
- Proven ability to audit an IT environment and provide security and process recommendations.
A bachelor’s degree in computer science, cyber-security or a related field including engineering, mathematics, physics and other STEM subjects.
Certified Information Systems Security Professional (CISSP) accreditation and/or CISA is desirable.
Any one of the following certifications will be a definite plus.
Systems Security Certified Practitioner (SSCP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Qualification in Internal Audit Leadership (QIAL) / IIA (diploma or advanced diploma) / ISO 27001 (auditor or implementer), Certified Protection Professional (CPP), Offensive Security Certified Professional (OSCP), Physical Security Professional (PSP), Security+ and CSA+.
- Three to five years’ experience of working on security projects for major organisations is desirable.
- Solid understanding of security assessment and management is required.
- Security design, architecture and implementation is necessary.
- Compliance management is essential.
- Great project management and communication skills are a requirement.
- In-depth knowledge of data protection regulations and technology supporting fraud detection.