Information Security Manager
  • Ukraine
  • Sombra
5 months before
30.06.2024
Protect and Defend
Vulnerability Assessment and Management
Job Description

Our Information Security department has been working for more than three years now. We are looking for a new Lead to bring more technical background and strategic thinking to the table. The processes and tools are established, so you will be responsible for adjusting them and establishing new ones as the company and client requirements for InfoSec are growing. You will lead another InfoSec specialist.


Requirements:
5+ years of experience in InfoSec;
Understanding the principles of IT infrastructure protection systems and network security (Fortinet experience would be an advantage);
Experience with IAM systems (experience with Microsoft Entra ID would be an advantage);
Experience with Vulnerability management systems;
Experience setting up SIEM ;
Experience with CrowdStrike would be an advantage;
Experience configuring security policies for Google Workspace/Office 365 would be an advantage;
Knowledge of common information security management frameworks, such as ISO/IEC 27001 and NIST;
Experience in passing or conducting external audits;
Understanding risk and incident management methodologies;
Documentation writing skills;
English Upper-Intermediate or higher (written and spoken);
Proficient communication skills;
The ability to effectively communicate, negotiate, and establish mutual understanding with diverse people.


Responsibilities:
Being responsible for the Information Security of the company;
Developing and managing the security strategy;
Meeting the InfoSec goals and KPIs;
Coordination, support, and control for the IT security processes (ISO2700x);
Leading projects to implement and modernize the information security systems (NGAV, EDR, IAM, SIEM, WAF, etc.);
Ensuring that the company’s tools can properly monitor security events from corporate IT systems, devices, applications, databases, and solutions while overseeing information security monitoring activities;
Organizing and conducting penetration testing;
Building IT asset management;
Identifying risks and measures;
Management of incidents;
Working daily with the company management to establish information security in each department (ability to handle conflicting interests of departments during the deployment of information security measures );
Organizing internal training on information security for employees (training, education, testing) ;
Conducting internal audits on information security;
Preparing the company for passing ISO 2700x and other audits;
Managing another InfoSec specialist;
Handling clients’ security inquiries;
Taking part in pre-sales meetings with our clients to ask questions and understand their needs in our cybersecurity services (AppSec, Pentesting, Security Consulting, and Managed Security Services);
Help to prepare marketing materials and proposals for such clients;
Interview security engineers who could fulfill client needs.


What we offer:
Annual paid vacation of 18 working days.
Extra vacation days for long-lasting cooperation.
Annual paid illness of 10 days.
Maternity\Paternity leave.
The opportunity for sabbatical leave.
Marriage and Parenthood Package.
Compensation for sports activities (up to 6000 UAH\year).
50 % cost compensation for attending courses for self-development.
Corporate doctor.
Internal education(corporate library, Udemy courses).
Career development plan.
English and Spanish classes.
Paying taxes and conducting private entrepreneurs.
Technical equipment: laptop, mouse, keyboard, monitor.
Internal Referral program.
Opportunity to take part in company volunteering activities.
Technical community events.


Quick response

Required Knowledge

Required Skills

Required Abilities