IT Security Manager - EMEA
JOB PURPOSE: The Information Security & Compliance Manager (ISCM) role is a critical role within Group IT. The role holder will work to deliver the objectives of the Group IT Information Security strategy and further enhance a security program that identifies and addresses security and privacy risks and security requirements.
The ISCM will be responsible for managing the process of gathering, analyzing and assessing current and future information security and privacy threats to the company, as well as maintaining and monitoring information security best practices as they develop.
The role holder will work with senior managers across the company to drive the information security agenda and ensure that it meets complex compliance requirements.
They will act as an empowered representative of Group IT planning initiatives to ensure that security controls are incorporated into IT projects at the design stage and expectations are clearly defined.
The role holder will also play a leading role in the evaluation of current Information Security breach management processes and ensure that the company can meet its mandatory data breach notification obligations should the need arise.
MAIN DUTIES AND RESPONSIBILITIES:
Ensure the security and sustainability of information and communication systems through prevention, by defining and applying standards, and by controlling vulnerabilities and managing incidents.
Work with the Group IT Leadership Team to build on an existing information security program and ongoing security projects that address information security risks and compliance requirements.
Consult with Group IT Project Teams to ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications and software as part of Privacy by Design and Default.
Research, evaluate, design, test, recommend or plan the implementation of new or updated information security hardware or software, and analyze its impact on the existing environment; provide technical and managerial expertise for the administration of security tools.
Manage and coordinate operational components of security incident management, including detection, response and reporting.
Investigate, manage and document security breaches and other cyber security incidents.
Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans and communicate information about residual risk.
Manage security projects and provide expert guidance on security matters for other IT projects.
Evaluate requests for exceptions to policies, ensuring sufficient mitigating controls are in place.
Provide information security communication, awareness and training to the company.
Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and are in compliance with policies and audit requirements.
Report and mitigate security vulnerabilities and vulnerability management system
Participate in the development of best practices for IT security.
Conduct information security audits.
Participate in the risk management process.
KNOWLEDGE AND EXPERIENCE:
Proven experience in an information security role including experience of developing Information Security policies and plans
Working knowledge of the European General Data Protection Regulation (GDPR)
Excellent understanding of information security concepts, protocols, industry best practices and strategies.
Good understanding of system technology security testing (vulnerability scanning and penetration testing).
SPECIFIC SKILLS:
Advanced Public Key Infrastructure, Office 365 Security, Network Security, Virtualization, Backup and Disaster Recovery, Enterprise Mobility Management Strategies, Enterprise Patch Management
Familiarity with penetration testing techniques
Understanding of firewall implementation and best practices
Understanding of proxy services and web filtering techniques and best practice
Understanding of Security Incident and Event Management systems and their management
Experience with antivirus and end-point protection systems
Understanding of network defense strategies and techniques.
Knowledge of and ability to create, implement, evaluate and enhance processes in internal controls
Knowledge of organization's internal audit and QMS processes, practices and methods
Excellent communicator able to reduce complex ideas to simple terms and express these both to non-technical and highly technical audiences
Strong analytical, synthetical, critical thinking, and organizational skills
Integrity, autonomy, rigor, sense of organization
Experience of planning, prioritizing and organizing the work of yourself and others, delivering to tight deadlines whilst ensuring the effective use of resources
Demonstrable ability to work in a pressurized environment with conflicting priorities, ensuring that deadlines are met and a high-quality service is provided
Availability to travel as needed to attend internal / external audit meetings and perform IT Security audits to ensure compliance with the Company's standard (around 30% post-COVID)
If our offer sounds interesting and you match the profile, please apply now!
To learn more about Antal, please visit www.antal.cz
120 00 Praha 2