ELEKS announces a vacancy for Head of Corporate Security at its Lviv office.
The Head of Corporate Security is responsible for overseeing the entire security program, for compliance, and for maintaining a security strategy that covers prevention, detection, and response. The role is also responsible for developing, delivering and promoting professional and managed security services.
- Develop and maintain short- and long-term corporate security plans / projects aligned with business objectives.
- Establish and maintain strong relationships with both senior and operating level business leaders to ensure alignment to customer and business needs while prioritizing key initiatives.
- Plan and coordinate corporate security department activities.
- Actively manage objectives, identify potential gaps, and develop improvement plans.
- Effectively inform stakeholders about the status of the information security posture.
- Coordinate the development and review of information security policies, standards and procedures.
- Acquire a complete understanding of the company’s technology and information systems.
- Keep abreast of new technology and recommendations for the company.
- Plan, research and design robust network and system security architecture.
- Enforce systems development, deployment and operation according to security policies.
- Responsible for risk, identity, incident management; compliance and audits, security architecture, secure software development life cycle, security operations center etc.
- Anticipate new security threats and stay up to date with evolving infrastructures.
- Develop strategies to handle security incidents and coordinate investigative activities.
- Prepare financial forecasts for security operations.
- Prioritize and allocate security resources correctly and efficiently.
- Provide leadership, training and technical advice to corporate security team. Identify and address training and career development needs.
- Responsible for department and individual performance assessments and improvement plans.
- Serve as the compliance officer with respect to information security policies and regulations. Prepare and submit required reports to external agencies.
- Serve as the contact point for information security, privacy and copyright infringement incidents, including relationships with law enforcement entities.
- Serve as the company contact point for external auditors and agencies, survey requests, etc. on security / privacy matters.
- Serve as the lead information security technical liaison between customer staff and other supporting entities.
- Coordinate the development and delivery of an education and training program on information security and privacy matters for stakeholders.
- Review, approve and recommend changes to the existing and proposed systems, as needed, to address gaps in the existing security posture.
- Review firewall, switch, router, server, workstation and virtual environment configurations.
- Work with stakeholders to produce / maintain comprehensive documentation on network architecture, deployed systems and applications.
- Good understanding of cyber security, cloud security, network and application security, mobile security, security testing.
- Knowledgeable of current and emerging security and information technology standards and practices.
- Experience in the design, development, deployment and audit of firewalls, intrusion detection / prevention systems, virtual private networks, network segmentation and isolation, security incident and event management, endpoint detection and response, data loss detection / prevention, vulnerability scanners, database security, encryption, endpoint protection, mobile device management and Wi-Fi security; identity and access management / role-based access control.
- Provide quality assurance and control over security technologies.
- Hands-on experience with network and system security architecture, technical audits and system hardening.
- Hands-on experience with security architecture design and implementation for a large organization.
- Understanding of professional and managed security services. Experience with presale / post sale activities, system integration.
- Security Operation Center maturity assessment. Security tools tuning and optimization.
- Service management.
- Experience with simultaneous ISO 27001, SOC2, PCI DSS, HIPAA and customer requirements compliance. Requirements mapping.
- Practical deployment of OWASP, NIST, SANS best practices.
- BCP / DR implementation and review.
- Maintain secure software development life cycle.
- Strong project/program management and facilitation skills.
- Experience in developing security policies, standards and procedures.
Skills and abilities:
- Proven leadership capabilities and strong communication and interpersonal skills.
- Ability to prioritize and execute tasks and make sound decisions in emergency situations.
- Ability to think strategically and act tactically.
- Ability to manage the full lifecycle of multiple concurrent complex projects.
- Critical thinking and problem-solving skills.
- Planning and organizational skills.
- Upper-Intermediate level of English is a must.
- German language will be a significant advantage.
- 5+ years of experience in information security.
- 3+ years of managerial experience.
- CISSP, CISM, CEH, CISA, ISO 27001 LA will be a significant advantage.
What will you get with ELEKS:
- Above-average compensation and a competitive social package
- Challenging tasks
- Professional development
- Team of professionals
- Dynamic environment with low level of bureaucracy