- Lead Group-wide security-related projects/initiatives;
- Understand and communicate legal and regulatory requirements on IT and information security;
- Contribute to the standard for IS, IT Risk reporting and KRI monitoring across PH group companies;
- Determine IT and IS risks associated with Corporate Center operations to implement necessary measures;
- Conduct comprehensive reviews and provide insightful evaluations on the current state of IT, Information Security, and Cybersecurity controls;
- Design and maintain information security policies and requirements in projects, products and services;
- Review information systems and processes, data governance processes, ensuring appropriate user permissions and adherence to security protocols;
- Analyze Strategic Asset’s requests on Risk Health Index (RHI) IT/IS/ data and metrics with PH Group companies;
- Assess, identify and document internal and external IT/IS threats and risks and their impact;
- Manage information security and digital fraud awareness initiatives;
- Lead the investigation and reporting of security breaches, documenting the incident and the extent of damage caused;
- Report on a regular basis and upon request to different levels of management;
- Communicate clearly to a wide range of audiences and form trusting relationships;
Requirements
- Relevant academic qualifications, university degree in Information Security, Informatics, Computer Science, Management of Information Systems;
- Work experience in information security and IT;
- Good understanding of OSs, Networking, Firewalls, be familiar with Application Security, Virtualization, Cloud Security, Data Privacy;
- Understanding of concepts related to information systems, including security and control risks such as logical and physical access security, change management, information security and privacy, business recovery practices and network technology;
- Completion of one of the certifications such as CRISC, CISM, CISSP, ISO/IEC 27005 Risk Management, or one specific to the information technology industry such as a Certified Network Engineer, Certified Security Professional, or other certification;
- Previous experience with Information Security standards and regulations such as ISO 27k Family, NIST, PCI DSS, etc.;
- Good understanding of information security paradigms and Risk Management concepts;
- Work experience and sound knowledge of the bank/insurance industry;
- Writing and documentation skills;
- Confident written and verbal communication skills along with the ability to present technical information to both technical and non-technical audiences.
Vacancy published more than 2 months ago