Cybersecurity Manager
Together with our client, we are looking for a Cybersecurity Manager.
Company: Russian division of a global leading provider of products and services for the therapy and care of chronically and critically ill patients
Responsibilities:
TARGETS OF THE POSITION:
• Develop, implement, and manage security strategies to protect the organization's IT infrastructure from cyber threats;
• Collaborate closely with Global & Regional IT, Risk Management, Compliance and local management to maintain a secure and resilient cybersecurity posture;
• Oversee the design and implementation of security solutions, conduct regular security assessments, manage incident response efforts and ensure continuous improvement of the organization's security framework;
• Organize and conduct trainings for staff on security awareness and best practices, fostering a culture of security throughout the organization.
MAIN TASKS:
• Develop and implement a cybersecurity strategy that aligns with business objectives, regulatory requirements, and IT roadmaps.
• Establish and enforce security frameworks, policies, and controls to comply with HIPAA, GDPR, NIST 800-53, HITRUST, and ISO 27001.
• Oversee enterprise risk management, ensuring cybersecurity risks are identified, assessed, and mitigated through proactive measures.
• Define and track security KPIs and KRIs, using data-driven insights to improve security operations and risk mitigation.
• Lead security risk assessments, vulnerability management, and penetration testing to identify and address threats.
• Oversee the incident response program, ensuring rapid detection, investigation, and resolution of security incidents.
• Collaborate with IT teams to integrate security into DevSecOps pipelines, cloud environments, and network architectures.
• Ensure ongoing security awareness training to educate employees on social engineering, phishing, and cybersecurity best practices.
• Manage SIEM solutions (target solution: Kaspersky, RedCheck; as an advantage: Splunk, Microsoft Sentinel, IBM QRadar) and oversee SOC operations for threat monitoring.
• Implement and maintain IAM strategies, enforcing multi-factor authentication (MFA), role-based access control (RBAC), and least privilege principles.
• Monitor compliance with data protection policies, endpoint security (EDR), and email security measures to prevent data breaches.
• Conduct regular security audits and forensic analysis, ensuring continuous improvement of security controls and responses.
• Ensure compliance with the requirements of laws and regulations on personal data protection (Russian Law 152).
• Represent the organization in regulatory audits, compliance reviews, and third-party security assessments.
• Drive cybersecurity innovation, staying ahead of emerging threats and adopting advanced security technologies.
Requirements:
• Bachelor’s or Master’s degree in Cybersecurity, Information Security, Computer Science or a related field;
• Minimum of 5 years of experience in IT security;
• Relevant certifications such as CISSP, CISM, CEH, or equivalent are highly desirable;
• Extensive experience with cloud security and zero-trust architectures;
• Proven experience in developing and implementing security policies, procedures, and protocols;
• Hands-on experience with security technologies such as firewalls, intrusion detection/prevention systems, SIEM, endpoint protection, and encryption solutions;
• Good working knowledge of English (Upper-intermediate);
• Cloud Security: Expertise in securing cloud environments such as Yandex Cloud, AWS, Azure, and GCP, including knowledge of cloud-native security tools and best practices (AWS CS, ASE, GPCSE);
• Network Security: Proficient in designing and implementing network security measures, including firewalls, VPNs, IDS/IPS, and network segmentation (CCNP Security, Security+);
• Security Information and Event Management: Hands-on experience with SIEM tools such as Splunk, QRadar, and ArcSight for threat detection and incident response;
• Vulnerability Management: Proficient in conducting vulnerability assessments and penetration testing using tools like xSpider, RedCheck, Nessus, Qualys, and Metasploit (OSCP, CPT);
• Compliance and Regulatory Standards: Familiar with industry standards and regulations such as ISO 27001 or NIST for ensuring compliance and managing risk (ISO 27001 LI, CISA).
Conditions:
• Work format: 4 days from the office, 1 day remote work
• VHI, life insurance, cancer insurance
• Transport allowance
• Annual bonus