Job Openings
Internal Control Division / Information Security / Senior Specialist
About the job Internal Control Division / Information Security / Senior Specialist
Being responsible for ensuring that all valuable business information is classified, controlled for access and kept visible, intact and confidential.
Responsibilities:
- Ensuring the visibility, integrity and confidentiality of all valuable business information, as well as controlling its classification and access;
- Providing identity and access controls through physical access based on the policy of access management and access control mechanisms;
- Being responsible for security control;
- Investigating high-impact incidents and problems in the incident and problem management process;
- Developing and implementing information and data security policies;
- Ensuring the retention of logs related to software applications;
- Monitoring stored logs;
- Developing and maintaining authorization rules for position categories and ensuring compliance;
- Drafting the "Company Secrets" policy and agreement (i.e., determining which information is considered "company secrets");
- Implementing measures for timely changing of passwords;
- Testing compliance with rules by sending test information of a sensitive nature to colleagues;
- Developing policies to prevent the leakage of strategically important information belonging to the company;
- Implementing continuous monitoring of incoming and outgoing emails and immediately informing management in case of identifying risky emails;
- Conducting monitoring of operations performed by "superusers" based on the list of superusers;
- Ensuring blocking of USB outputs for employees and controlling data transfers by employees with USB outputs;
Requirements:
- Education: Bachelor's degree in Information Security, Information Technology, Mathematics or related fields;
- Required work experience: Minimum of 3 years of work experience in Information Security or related fields;
- License/Certificate: Possession of CompTIA Security or other entry-level certificates is an advantage;
- Foreign languages: Proficiency in English;
- Computer skills: MS Office Excel;
- Product-specific knowledge: Knowledge of Basic Banking Systems, Card Application Systems, and network devices, with experience in AWS being an advantage. Proficiency in leading security practices (NIST, ISO 27000X, PCI DSS) is preferred;
- Other requirements: Knowledge of PCI DSS, NIST, ISO 27000, ITIL, COBIT standards, Analytical skills, attention to detail.