Perform Business Impact Assessments and Risk Assessments on information assets, projects or programs with IT component;
Oversee specific fist line of defense IT operations reacting to IT risks, events and incidents;
Test the design and effectiveness of IT controls and report on residual risk levels;
Recommend controls for the identified risks, agree action plans and closely monitor them until completion;
Active involvement in the projects providing input/advice on information risk and security aspects at different stages of the project life-cycle: business requests, contracting phase, assessment of potential external partners, solution and controls design, assessment of final deliverable;
Develop and/or review documentation such as: policies, procedures, standards, external connections, operational security guidelines, test results, etc.;
Responsible with developing and implementing Information Security culture, education and awareness programs;
Support IT department and Information Risk Coordinator in keeping an accurate and up to date Disaster Recovery Plan;
Maintain, review and test business continuity plans to ensure that the company is prepared to optimally react in case of crisis.
Knowledge of information security principles and concepts, risk management concepts, IT security standards and best practices;
Good understanding of technical concepts related to networking, infrastructure and application security, endpoint technologies, physical and virtual data center hosting;
Experience in the design, development, implementation and operational support of mission critical solutions in large scale environments and organizations and security controls for these solutions;
Experience in monitoring activities of IT controls at both technical and operational level.
Excellent verbal and written communication skills with a wide range of audiences including technologists, executives, business stakeholders and IT team members;
Strong negotiation skills – able to firmly express his/her own view point and to persuade others;
High degree of initiative, dependability and ability to work with little supervision.
BA/BS degree (IT, Automatics & Computer Science, Cybernetics, Electronics preferred), or equivalent experience, security qualifications and accreditation.
Any of the following would be an advantage: CompTIA Security+, CCNA, CCNA Security, SSCP, CISSP, CISM, CRISC, CISA, CEH.