The position has been closed by the company
Find similar jobs
Next job

Head of the IT security department in Skarbnicya

Posted more than 30 days ago

2 views

Skarbnicya

Skarbnicya

0
0 reviews
2 years
Kyiv
Full-time work
The head office of the Commonwealth of Financial Institutions, directed to offline lending services, is looking for a Head of the IT Security Department. Your future function: Development and implementation of information security strategies in accordance with the needs of the organization and international standards. Assessment of potential risks for the safety of information exchange, taking into account threats, vulnerabilities and the consequences of vulnerabilities in information exchange p
The head office of the Commonwealth of Financial Institutions, directed to offline lending services, is looking for a Head of the IT Security Department. Your future function: Development and implementation of information security strategies in accordance with the needs of the organization and international standards. Assessment of potential risks for the safety of information exchange, taking into account threats, vulnerabilities and the consequences of vulnerabilities in information exchange protocols. Selecting appropriate security measures, such as encryption, authentication, access control, and monitoring, and configuring them to protect communication protocols. (HTTP, HTTPS, FTP, SFTP, SMTP, POP3, IMAP, DNS, SNMP). Organization and conducting of information security training for employees. Deployment and management of antivirus solutions to protect against viruses, malware and other threats. Monitoring, detection and removal of malicious code on the organization's computers and network. Development and implementation of measures to protect against distributed denial of service (DDoS) attacks, including network monitoring to detect and filter out such attacks. Implementation and management of DLP (Data Loss Prevention) systems to prevent leakage of confidential information from internal sources. Conducting analysis and scanning of systems for vulnerabilities according to OWASP standards or other similar standards and taking measures to eliminate them. Organization and implementation of means of protecting confidential information, in particular by using encryption to protect data stored in databases. Management and control of user access to the organization's systems and resources by establishing roles and access rights. . Development and implementation of network segmentation strategies to limit the spread of potential threats in the network. Implement and manage multi-factor authentication systems to provide an additional layer of security during login (as needed). Establishing and managing security policies and configurations on workstations through Active Directory (or other services used to manage users, groups, computers, and other network resources) to ensure standardization and security of the workstation environment. Preventing and countering client-side attacks (Client-side Attacks): — analysis of potential threats that may occur on the client side (Client-side Attacks), such as malicious programs, phishing attacks, use of vulnerabilities in web browsers, etc.; — creation of security policies and procedures aimed at preventing client-side attacks; — the selection and implementation of technical security measures that will help prevent attacks on the client side, for example, antivirus software, firewalls, antispam, etc. prevention and countering attacks of interception, HTTP response splitting (HTTP Response Splitting) and cross-site request forgery (Cross-Site Request Forgery, CSRF) analysis of IT processes using ISO and CoBiT approaches to assess cyber security. — verification of compliance of existing IT processes with the requirements of security standards, such as ISO 27001 (standard for information security management systems) and CoBiT (controlledand control in the field of information technologies); — assessment of potential security risks arising from non-compliance with ISO and CoBiT standards; — analysis of vulnerabilities, threats and possible consequences for information security and IT infrastructure; — coordination of the implementation of recommendations and requirements arising from ISO and CoBiT standards to improve cyber security, in particular through the implementation of security policies, technical measures and security control procedures. Our candidate should be able/know: Deep understanding of information security management principles and methods. Experience in the development and implementation of security strategies and related policies. Knowledge of international standards such as ISO 27001, NIST Cybersecurity Framework or similar. Expertise in identifying and analyzing information security risks and developing appropriate risk mitigation strategies. Ability to manage information security projects and the ability to effectively communicate with different levels of personnel. Knowledge of technologies and methods of access restriction and data protection. General requirements: Experience in the field of information security for at least 3 years, including experience in management positions. Preference will be given to candidates who have experience in similar positions in the State Special Communications, the Security Department of the NBU, the Ministry of Digital, or in banks. Higher education in the field of information technology, computer science or equivalent qualification. Excellent communication skills and the ability to cooperate with by other departments of the organization. The ability to work under conditions of high pressure and a rapidly changing environment. The desire to constantly maintain one's knowledge and improve skills in the field of information security. Conditions: Official employment from the first working day; work schedule: 09:00 - 18:00, or 10: 00 — 19:00 5/2 (the possibility of a hybrid schedule); social guarantees according to the Labor Code of Ukraine, including a high income and paid vacation; the opportunity to realize yourself in a system company, apply the acquired experience and initiate changes, professional growth, interesting projects, training and development.
2 years
Kyiv
Full-time work
Want to get related jobs?
New job openings in your Telegram
Subscribe
We use cookies
accept