Information Security Officer

☑ Основной блок:

Опыт работы: более 6 лет.

Тип занятости: полная занятость.

График работы: полный день.

Зарплата: по результату собеседования.

Место работы (точный адрес): Россия, Москва, Волочаевская улица, 5с3, м. Римская, м. Площадь Ильича.

☑ Актуальность объявления:

Это объявление № 29180 добавлено в базу данных: Суббота, 1 марта 2025 года.

Дата его обновления на этом интернет-ресурсе: Воскресенье, 16 марта 2025 года.

☑ Репутация компании "ВТБ Капитал":

Читайте свежие отзывы сотрудников об этом работодателе здесь!

Оставить своё мнение об этой компании можно тут без регистрации и бесплатно.

☑ Подробности о вакантном месте:

Position:

• As part of The Global IT Security Office the role will provide a framework to manage IT Security risks. This will be achieved through a tool-set of IT Security Policies, underlying standards and guidelines, risk metrics, and by providing essential consultancy expertise through the oversight of standards deviation, Infrastructure and Application Risk Assessment processes within VTB Capital (VTBC) globally. The key focus is to provide technical risk assessments into IT, business projects and BAU activities. The risks must be managed in a transparent and pragmatic way.

Main Tasks:

• Develop and execute IT Security Strategy
• Identify, Assess and Contain Information Security Risks
• To provide business and CIO teams within VTBC with expert IT security risk management and consultancy services to help them manage their IT Security Risks
• By working closely with IT and business managers the candidate will endeavour to ensure that all new system developments, infrastructure projects, maintenance, enhancements and other project activity are conducted according to the policies, standards and guidelines and that the calculated risk levels are mitigated by appropriate levels of control
• Liaise with the Business/IT to ensure that all projects complete required security documentation. Formally document residual risks and areas of policy non-compliance for project for risk mitigation
• Provide functional leadership and expertise in respect of Information Security, enabling VTBC to meet its business objectives and act appropriately in the face of rapidly changing threats, technologies and business conditions
• Work closely with Audit, Compliance, Risk managers, Data Protection, HR and Corporate Security and Business Continuity teams in VTBC globally
• Develop, communicate and maintain Information Security standards and guidelines to maximise the effectiveness of security architecture and controls in meeting these requirements
• Execute Information Security Incident Response framework
• Maintain VTBC FSTEC “TZKI” license
• Be responsible for VTBC global Threat Intelligence
• Drive IT Security KRI program enhancement
• Develop and enhance Information Security and IT Security Architecture
• Participate actively and support VTBC information security driven projects and initiatives. Manage implementation of certain projects
• Act as a focal point of contact for all information security matters
• Provide supervision to all VTBC Holding subordinate companies in terms of IT Security Management
• Be a single point of contact for VTB Group Information Security function in terms of information infrastructure security
• Support IT Security governance
• Manage IT Security outsourced services and counterparties
• Manage IT Security budget
• Ensure appropriate due diligence and due care in order to satisfy international and local legislations’ requirements and be able to prepare a risk balanced and cost optimal solution

Key Competencies and Qualifications:

• Min 5+ years’ experience in information security, technology risk controls or related fields, with hands-on experience of risk analysis techniques, design and architectural reviews, and risk management.
• Should possess deep knowledge of business functions and be a subject matter expert in technology, business, or operations and a thought leader for assisting senior technology or business leaders in determining current and future information security risk management strategies and practices
• Demonstrable technical knowledge and experience of security principles, risk assessment, products & architecture in distributed computing environments, core platforms and network technologies in a global infrastructure
• A broad understanding and hands-on experience of the technical and non-technical imperatives which bring about change in a global banking environment
• Previously worked with policies and standards providing risk analysis throughout the development lifecycle of core business applications and infrastructure
• Understanding of information security risks associated with the introduction of new technologies as well as the demonstrated ability to define appropriate countermeasures, both technological and procedural
• Strong programme and project management skills: experience with managing controls programmes across large development organizations
• Good understanding of development practices and lifecycles.
• Team player with energy and a desire to progress in a fast moving, demanding and progressive environment
• Strong written and verbal communication skills.- Be able to articulate an independent and balanced opinion in both written and oral form, identifying real issues and providing compelling solutions in a succinct manner.
• The ability to forge effective and productive relationships with all levels of management, both within the business and IT
• Have excellent report writing skills and an ability to communicate complex issues clearly and concisely to non-technical persons
• Have an excellent grounding in information technology applications and infrastructure technologies;
• Have a solid foundation in IT operations understanding how effective organisations and processes operate
• Information Security Professional education and Information Security refresh training in order to comply to FSTEC license requirements for technical protection of confidential information according to Government Regulation “On licensing activities for technical protection of confidential information”
• Industry certifications such as CISM, CISA and CISSP are a plus

☑ Отклинуться сообщением, резюме, запросить телефон, отправить жалобу (претензию):