Job expired
• Draft and propose the enterprise-wide information security strategy and action plans based on enterprise-wide risk assessment and gap analysis. As a result, identify and propose key information security program priorities, initiatives, practices and tools
• Work with internal teams to address issues in relation to the managed security applications, including assisting in any deployment issues
• Develop information security policies, IT procedures and IT processes according to the objectives defined by the IT management and monitor the compliance with defined IT policies and IT procedures
• Conduct technical security assessments and information security projects
• Elaborate information security awareness programs within the company, by establishing a communication and training program for employees and relevant third parties
• Responsible for the maintenance and continuous improvement of relevant security processes and procedures
• Responsible for investigating security incidents, involving relevant parties for solving them and monitoring the closure of these incidents
• Assess information risks and communicate them to appropriate entities. Recommend appropriate compensatory controls to mitigate the identified risks
• Conduct regular and ongoing monitoring of and reporting on enterprise-wide compliance with information security and IT control standards and policies. This includes coordinating the use of external resources involved in the performance of security testing, i.e. penetration tests, vulnerability scans
• Lead the design, implementation, operation and maintenance of the Information Security Management System based on the ISO/IEC 27001 standard, including surveillance audits
• Maintenance of all Information Security Management System (ISMS) Policies, Procedures and relevant standards and supporting documentation as directed
• Coordinate the production of all relevant reports and statistical analysis required for Annual ISMS Management Review meetings
• Maintain and update content of ISMS Action Logs (e.g. Security Incident Log, Security CA/PA Log, Documentation Reviews)
• Bachelor’s degree in an IT-related field
• Minimum 3 years' experience in IT Security or IT Processes & Compliance field
• Experience in leading and managing IT security implementation
• A “security” mindset, acting as an example to co-workers with regards to best practices in information security
• Thorough understanding of good IT security practice and security concepts & technologies, including: data loss prevention, firewall, intrusion detection, forensics, anti-virus, access controls, and third-party access management
• Strong ability to analyse complex information and define and communicate this effectively in terms of business risk, providing pragmatic solutions to security issues
• Excellent understanding of ISO 27001 and ISO 27002 Information Security Standards
• Ability to identify and resolve IT related business issues and provide innovative solutions
• Professional discipline, accuracy, reliability and excellent analytical skills
• Technical Skill sets
- Systems: Windows, Cisco Systems, Linux
- Networking: Switches, Routers, Hubs, Servers, Cables, Racks, Firewalls, LAN, WAN, TCP/IP, DNS, UDP, VoIP, MPLS
- Citrix
• Very good technical and business English (German will be considered a plus)
• Certifications such as CISA, CISM, CISSP or equivalent will be considered a plus
• Certifications such as ISO 27001 Lead implementer or ISO 27001 Lead auditor will be considered a plus
• Availability for long-term relocation to Switzerland
Omega Trust (http://www.omega-trust.ro) is a company that provides audit and consulting services in the field of information technology. With over 10 years of experience in providing IT audit and consulting services to companies in various industries such as financial and banking, telecommunications, capital markets, insurance, retail, software development, etc., Omega Trust aims to offer its clients services of outstanding quality.