Information security officer
Mid level (2-5 years)
This position is no longer active, but you can still send your application
We are looking for a senior information security officer to join our information security team.
- Education: Degree in Computer Science, Information Technology or related fields.
- Work experience in information security management / consultancy and/or related functions such as IT audit or IT Risk Management;
- Knowledge of information security standards and best practices like ISfamily, PCI-DSS, COBIT 5 framework for information security;
- Knowledge and understanding of the latest European regulations and compliance requirements such as the General Data Protection Regulation (GDPR), the Payment Services Directive (PSD2), and the Directive on security of network and information systems (NIS Directive);
- Experience in financial / banking area would be a plus;
- Previous experience as a system / network administrator is a plus;
- Relevant courses or certifications would be an advantage (CompTIA Security+ / CISA / ISM / CEH / CISSP / ISO2700X / PCI DSS).
- Good communication and interpersonal skills;
- Fluency in English, both written and spoken;
- Able to balance daily tasks with project-related tasks;
- Analytical, detail-oriented;
- Willingness to learn and experience;
- Planning and organization skills;
- Proficiency with MS Office tools.
- Participates in developing and keeping up to date the information security strategy and plans, information security policies and procedures and in monitoring their effective implementation;
- Contributes to the design of the information security architecture of the bank;
- Acts as main contact point for all information security items, issues and incidents;
- Contributes to the implementation of specific processes for handling the information security incidents, monitors their implementation and reports, escalates and manages specific information security incidents;
- Monitors the progress of corrective and preventive IT action plans;
- Analyzes alarms and alerts generated by specialized IT systems (like antimalware, intrusion detection systems, spam filters, SIEM or DLP) in order to identify the potential security threats;
- Handles and manages practical information security activities such as PKI administration, encryption keys management, etc.;
- Key participant and main contact point for all information security related tests, controls and IT audit activities;
- Elaborates and communicates documents and newsletters meant to increase users’ awareness and knowledge on information security issues;
- Provides guidance and support to the bank’s employees for any information security related matters;
- Manages the IT risk assessment process, including determining inherent risks, controls in place, action plans and residual risks;
- Prepares independent information security reports, where applicable.