The head office of the Commonwealth of Financial Institutions, directed to offline lending services, is looking for a Head of the IT Security Department. Your future functionality: 1. Development and implementation of information security strategies in accordance with the needs of the organization and international standards. 2. Assessment of potential risks to the security of information exchange, taking into account threats, vulnerabilities and the consequences of vulnerabilities in informatio
The head office of the Commonwealth of Financial Institutions, directed to offline lending services, is looking for a Head of the IT Security Department. Your future functionality: 1. Development and implementation of information security strategies in accordance with the needs of the organization and international standards. 2. Assessment of potential risks to the security of information exchange, taking into account threats, vulnerabilities and the consequences of vulnerabilities in information exchange protocols. Selecting appropriate security measures, such as encryption, authentication, access control, and monitoring, and configuring them to protect communication protocols. (HTTP, HTTPS, FTP, SFTP, SMTP, POP3, IMAP, DNS, SNMP).3. Organization and conducting of trainings on information security issues for employees. 4. Deployment and management of anti-virus solutions to protect against viruses, malware and other threats. 5. Monitoring, detection and removal of malicious code on computers and in the organization's network. 6. Development and implementation of measures to protect against distributed denial of service (DDoS) attacks, including network monitoring to detect and filter out such attacks.7. Implementation and management of DLP (Data Loss Prevention) data loss protection systems to prevent leakage of confidential information from internal sources. 8. Conducting analysis and scanning of systems for vulnerabilities according to OWASP standards or other similar standards and taking measures to eliminate them. 9. Organization and implementation of means of protecting confidential information, in particular by using encryption to protect data stored in databases. 10. Management and control of user access to the organization's systems and resources by establishing roles and access rights. 11. Development and implementation of network segmentation strategies to limit the spread of potential threats in the network. 12. Implementation and management of multi-factor authentication systems to provide an additional layer of security during login (as needed). 13. Establishing and managing security policies and configurations on workstations through Active Directory (or other services used to manage users, groups, computers, and other network resources) to ensure standardization and security of the workstation environment. 14. Prevention and countermeasures against client-side attacks (Client-side Attacks):- analysis of potential threats that may occur on the client-side (Client-side Attacks), such as malicious programs, phishing attacks, use of vulnerabilities in web browsers, etc.;- creation security policies and procedures aimed at preventing client-side attacks; - selection and implementation of technical security measures that will help prevent client-side attacks, for example, anti-virus software, firewalls, anti-spam, etc. 15. prevention and countermeasures against attacks of interception, HTTP response splitting (HTTP Response Splitting) and cross-site request forgery (Cross-Site Request Forgery, CSRF)16. analysis of IT processes when using ISO and CoBiT approaches to assess cyber security. - verification of compliance of existing IT processes with the requirements of security standards, such as ISO 27001 (systems standardinformation security management) and CoBiT (management and control in the field of information technologies); - assessment of potential security risks arising from non-compliance with ISO and CoBiT standards; - analysis of vulnerabilities, threats and possible consequences for information security and IT infrastructure; - implementation coordination recommendations and requirements arising from ISO and CoBiT standards to improve cyber security, in particular by implementing security policies, technical measures and security control procedures. Our candidate should be able/know:1. Deep understanding of information security management principles and methods. 2. Experience in the development and implementation of security strategies and relevant policies. 3. Knowledge of international standards such as ISO 27001, NIST Cybersecurity Framework or similar. 4. Expertise in the identification and analysis of information security risks and the development of appropriate risk minimization strategies. 5. Ability to manage information security projects and ability to communicate effectively with various levels of staff. 6. Knowledge of technologies and methods of access restriction and data protection. General requirements: 1. Experience in the field of information security for at least 3 years, including experience in management positions. Preference will be given to candidates who have experience in similar positions in the State Intelligence Service, the Security Department of the National Bank of Ukraine, the Ministry of Digital Affairs, or in banks).2. Higher education in the field of information technology, computer science or equivalent qualification. 3. Excellent communication skills and the ability to cooperate with other departments of the organization. 4. Ability to work in conditions of high pressure and fast-changing environment. 5. The desire to constantly maintain your knowledge and improve your skills in the field of information security.? Conditions: Official employment from the first working day; work schedule: 09:00 - 18:00, or 10:00 - 19:00 5/2 (hybrid schedule possible) ; social guarantees according to the Labor Code of Ukraine, including high income and paid vacation; the opportunity to realize yourself in a system company, apply the acquired experience and initiate changes, professional growth, interesting projects, training and development.