Information Security Specialist (вакансія неактивна)

Edvantis is a premier vendor of IT outsourcing services, focusing on software services. Edvantis has a wide and balanced portfolio of industry-leading corporate customers in Europe and the U.S. We are looking for an Information Security Specialist who can maintain the Information Security Management system and conduct internal and drive external security audits.

Responsibilities:

• Maintain, improve, and develop security standards, policies, procedures, best practices, and training to continually elevate the impact of protecting the Company’s people, assets, and reputation
• Maintain all ISMS and security compliancy-related documentation, suggest improvements
• Ensure that company policies support compliance with external requirements. Oversee the dissemination of policies, standards, and procedures to the company employees
• Conduct an annual information security risk assessment, the document identified vulnerabilities, mitigating controls, and residual risks
• Conduct threats and vulnerability assessments and determines security requirements and controls following assessment of the business impact of a security breach
• Maintain controls documentation for all relevant risk areas and business/technology processes
• Develop and handle Business Continuity/Disaster Recovery Planning
• Organize and conduct internal and external security audits

Collaboration:

• Develop and deliver education and training programs on information security, and privacy matters for employees, other authorized users, and contractors, review participants progress
• Support in conducting onboarding/leave training
• Consult employees about security control measures provided in the company
• Function as an internal consulting resource on information security issues for the business units
• Serve as a main focal point for audit review and maintain a positive working alliance with auditors
• Create and performs security reporting (metrics, KPIs, security/CEO dashboard)

Operational:

• Detect, respond, investigate, and prevent cyber threats to the Company’s assets
• Anticipate security alerts, incidents, and disasters and reduce their likelihood
• Analyze security breaches to determine their root cause
• Work with various audit teams (internal and external) to track system and application security weaknesses from identification to risk acceptance
• Use security systems (e.g. SIEM, MS365 security center, MS Azure security, vulnerability scanners, anti-virus, anti-malware, firewalls) for risk identification. Reduce false positives
• Handle information security exceptions
• Perform risk assessments of non-standard software
• Perform vulnerability and end-of-life monitoring
• Perform vendors patching notification review, prioritization; end-of-life monitoring

Development:

• Plan, implement, and monitor security measures and controls
• Play a lead role in the identification, analysis, evaluation, and optimization of security technologies
• Lead projects and initiatives to design and verify the implementation of various information security controls
• Establish, manage, and continuously improve governance, risk management, and compliance process

Requirements:

• 2+ years of experience in information security
• Experience in developing and administering an information security program is desirable
• Master’s degree in information security or similar
• Understanding of international and Ukrainian information security laws/standards
• 1-2 years of experience in developing ISMS
• Knowledge of the GRC framework
• Working knowledge of and experience in the policy and regulatory environment of information security
• Knowledge of principles of writing technical documentation
• Understanding of information security controls in computer systems, media, and the Internet
• Understanding of DR/BCP
• Excellent project management, written and oral communications skills desired
• The ability to work collaboratively with a broad range of constituencies is essential
• Demonstrated ability to identify security requirements and validate the implementation of applicable controls
• Strong analytical and conceptual skills balanced by a broad perspective on how security efforts support the realization of business goals
• Critical thinking and problem-solving skills
• Planning and organizational skills
• English level — Intermediate and higher

We offer:

• Career and professional growth
• Competitive salary
• Friendly and highly professional teams
• Big and comfortable office, own parking area, restaurants nearby
• Medical insurance coverage for employees (Сovid-19 included), plus an option for family insurance coverage at a corporate rate
• Paid 12 sick leaves and all holidays
• Paid 18 working vacation days
• English/German language courses
• Ability to work remotely (we provide all equipment)