Information Security Officer recruitment
The candidate will have a range of IT and security experience, ideally in the financial services industry or a large consultancy. Two to five years of security experience is required for this role. The ideal candidate should have experience of security and audit standards such as ISO 27001 and/or the BITS Shared Assessment Program, as well as practical hands-on experience, such as Operational Security skills and security assessment work.
Responsibilities:
• Establish and monitor compliance with company security requirements.
• Assist key stakeholders in responding to audit points and findings.
• Conduct security assessments according to the BITS Standardized Information Gathering (SIG) Agreed Upon Procedures (AUP).
• Implement a process to periodically recertify user access and authorization to applications; ensure provisioning/de-provisioning of users is performed correctly.
• Assist key stakeholders in developing and implementing a Security Governance Program throughout the organization.
• Support the sales cycle by responding to client RFI / RFQs in a consistent and timely manner.
• Enhance and maintain existing vulnerability and patch management programs.
• Assist in performing architectural reviews on new and proposed projects, provide recommendations and work with stakeholders to develop a solution.
• Manage the Information Security Risk Management system and ensure that risks are reported and responded to in a consistent and timely manner.
The ideal candidate will have:
• Bachelor's degree in Information Technology or in a related field OR the equivalent combination of education, training and/or experience.
• Security certifications such as those in the ISACA or ISC2 families would be a bonus, but are not required. If the candidate does not hold such a certification, achieving one would be a target within 2 years.
• Working knowledge of international security standards such as ISO 27000 or ISF Standard of Good Practice.
• Experience of documenting status reports, plans, policies, procedures and presentations.
• Experience of working in security-related IT projects using project management and software tools.
• Working knowledge of SAS70, ISAE3402 or similar audit/compliance standards.
• Working knowledge of IT security best practices and configurations as used in desktop, server, and network configurations.
• Experience of monitoring security threats, analyzing vulnerability assessments, and balancing security with business rules/needs.
• Experience of working with other IT professionals to resolve fast-moving vulnerabilities such as spam, viruses, spyware and internet filtering.
• Experience of auditing or monitoring routers, firewalls and DMZ services to ensure that a proper security configuration is being used.
• Ability and willingness to work extended hours or modified schedule for planned or emergency work.
• Ability and willingness to travel to and work at various Company locations if required.