The Eurasia Foundation, the executor of the project "Support for digital transformation" (DTA), is looking for an Information Security Manager.

Job description and qualification requirements:

Purpose: The purpose of the project is to improve the state of security and the level of cyber security of the PROZORRO ITS and other information systems of SE PROZORRO (hereinafter referred to as the Enterprise).

Prozorro is an electronic public procurement system that has replaced paper tenders. "Everyone sees everything" is our main principle. Thanks to the reform, all public procurement was transferred online. The Prozorro reform is a business card of Ukraine in the world and an example of a real reform based on open data and modern IT solutions.

Description of the position of an expert (function):
• Implementation of the Information Security Management System at the Enterprise;
• Control of the enterprise's compliance with the requirements of legislation in the sphere of information protection and cyber security. Coordination of cyber security projects;
• Analysis and assessment of the risks of information security. Analysis of threats and vulnerabilities in the PROZORRO ITS and other information systems of the Enterprise;
• (preferred) Participation in the monitoring and support of information and cyber security monitoring systems.

Scope of work and duties of an expert:
• Information Security Management System:
  - Analysis of the existing state of ISMS processes;
  - Organization of the ISMS implementation and improvement process;
  - Participation in the development and implementation of the necessary ISMS policies and procedures;
  - Conducting training of employees on information and cyber security issues;
• Cyber security and the requirements of legislation in the field of information protection:
  - interaction with subjects of the national cyber security system and organizations responsible for monitoring the state of security of state information resources;
  - preparation of materials and reports on the current state of cyber protection;
  - participation in the support of the Comprehensive Information Protection System (CISP) of the Enterprise's systems;
• Risks, threats, vulnerabilities:
  - control over the state of information and cyber security in the PROZORRO ITS and other information systems of the Enterprise;
  - analysis of the existing processes of the Enterprise related to information and cyber security;
  - analysis of the existing architecture of the PROZORRO ITS and other information systems of the Enterprise and identification of possible vulnerable places;
  - providing recommendations on ways to reduce existing risks;
• Incident management:
  - development and implementation of policies and processes for responding to information security incidents;
  - participation in the investigation of information security incidents;
• Systems of monitoring and ensuring information and cyber security (preferred):
  - analysis of the state of existing systems and their settings and providing recommendations for their improvement;
  - participation in the administration of IT security systems;
  - responding to events raised by information security event monitoring systems.

Requirements for the qualification of an expert:
• 3+ years of work experience as an Information Security specialist or manager;
• Good knowledge of international standards and information security frameworks (e.g. PCI DSS, ISO 27K, NIST);
• Experience in building an information security management process according to the ISO/IEC 27001:2015 or ISO/IEC 27001:2023 standard;
• Practical experience in IT and IT risk analysis and assessment;
• Experience in the development and testing of: incident response plans, business continuity plan, disaster recovery plan;
• Knowledge of cloud security principles (AWS);
• Basic knowledge of IT security tools (endpoint protection, ossec systems, vulnerability scanners).

The expert must meet the established qualification requirements, have an impeccable business reputation and relevant professional experience, and adhere to the principles of integrity.

Please read carefully the position description and the qualification requirements for the expert/experts at the link above, and the Code of Ethics.

We are waiting for a resume that contains direct contact information and information about relevant work experience and skills at
[email protected]. Please specify, in the subject of the letter, the name of the position and the internal serial number of the Eurasia Fund in relation to this competition, namely: DTA-RFQ-2024-007.

The deadline for submitting documents: May 21, 2024 (18:00 Kyiv time).

Award of the contract depends on the availability of funds.

General information:
Date of announcement: May 7, 2024.
Final date of submission: May 21, 2024.
Form of cooperation: consultant contract - 12 months with the possibility of extension.
Place of work: hybrid work mode