Chief Security Officer (вакансія неактивна)

We are looking for CSO, who has build IT security best practices and controls and has practical experience in areas of cybersecurity for IT company

Responsibilities:
— Providing expert assessment and remediation advice to our customers, related to Service Organization Controls (SOC 2), ISO 27K, Personally Identifiable Information Data Security Standard (PII) etc.
— Provide suggestions and recommendations for preparing security policies relevant to the organization’s culture, objectives, and risk tolerance.
— Performing activities to support our customers’ data privacy programs, such as Data Privacy Impact Assessments, data inventory, and dataflow mapping.
— Creating professional reports for our clients that detail assessment findings.
— Lead the review of security vulnerabilities across a variety of technologies and environments to determine high-risk vulnerabilities to business assets.
— Develop and maintain a security roadmap.
— Identify and research security improvement opportunities through interaction with all departments, vendors, and leading practices.
— Stay up-to-date on information technology trends and security standards.
— Participate in the development, reporting, and improvement of SecOps and general Security Operations metrics and KPIs.

Requirements:
— Understanding Kerberos, AD, MFA, OKTA, VPN, Peering.
— Experience with Encryption.
— Experience with Firewalls/ Security groups/ ACLs, WAF.
— Experience with IDS/IPS.
— Good understanding and experience with Secret management systems (Vault, AWS KMS)
— Experience with Disaster recovery.
— Experience with Audit.
— Understanding of IT security best practices and controls.
— Practical experience in areas of cybersecurity.
— Knowledge of SANS/CWE Top 25, OWASP Top 10 Proactive Controls and — Application Security principals, CISA recommendations, CNCF landscape.
— Understanding of penetration testing tools (OWASP ZAP or similar)
— Good understanding of Network (Subnets, Routing tables, NAT, ACL, Firewall).
— Experience with Cloud computing: AWS, GCP, AZURE, OPENSHIFT
Troubleshooting, proactive self-learning, sharing knowledge, participate on new architecture changes
— Experience with VCS: git, bitbucket, CodeCommit, gitlab
— Experience with Monitoring: Zabbix, CloudWatch, Prometheus, ELK, Graylog
— Experience with Log Management tools: Rsyslog, Syslog-ng, log4j, CloudTrail
— Experience with Scripting: Bash, Python, GO
— Good understanding and experience with Linux administration: Debian, CentOS.
— Writing documentation SDLC
English: B2-C2

Benefits:
— Possibility to grow within a multicultural work environment with a flat structure and direct, informal communication
— Flexible working environment
— Full-time employment
— Remote work
— 4 working days week