Internal Control Division / Information Security / Senior Specialist

Being responsible for ensuring that all valuable business information is classified, controlled for access and kept visible, intact and confidential.

Responsibilities:

• Ensuring the visibility, integrity and confidentiality of all valuable business information, as well as controlling its classification and access;
• Providing identity and access controls through physical access based on the policy of access management and access control mechanisms;
• Being responsible for security control;
• Investigating high-impact incidents and problems in the incident and problem management process;
• Developing and implementing information and data security policies;
• Ensuring the retention of logs related to software applications;
• Monitoring stored logs;
• Developing and maintaining authorization rules for position categories and ensuring compliance;
• Drafting the "Company Secrets" policy and agreement (i.e., determining which information is considered "company secrets");
• Implementing measures for timely changing of passwords;
• Testing compliance with rules by sending test information of a sensitive nature to colleagues;
• Developing policies to prevent the leakage of strategically important information belonging to the company;
• Implementing continuous monitoring of incoming and outgoing emails and immediately informing management in case of identifying risky emails;
• Conducting monitoring of operations performed by "superusers" based on the list of superusers;
• Ensuring blocking of USB outputs for employees and controlling data transfers by employees with USB outputs;

Requirements:

• Education: Bachelor's degree in Information Security, Information Technology, Mathematics or related fields;
• Required work experience: Minimum of 3 years of work experience in Information Security or related fields;
• License/Certificate: Possession of CompTIA Security or other entry-level certificates is an advantage;
• Foreign languages: Proficiency in English;
• Computer skills: MS Office Excel;
• Product-specific knowledge: Knowledge of Basic Banking Systems, Card Application Systems, and network devices, with experience in AWS being an advantage. Proficiency in leading security practices (NIST, ISO 27000X, PCI DSS) is preferred;
• Other requirements: Knowledge of PCI DSS, NIST, ISO 27000, ITIL, COBIT standards, Analytical skills, attention to detail.