Tech People Hungary Ltd. is a Technical Skills recruitment consultancy based in Budapest and Warsaw, primarily sourcing professionals for ICT, Finance, Engineering and Logistics related positions. We are now searching for a candidate for the following position:
Technology Information Security Officer (E-C27)
The ICG Technology Risk & Controls Team is responsible for managing risk and providing controls and compliance guidance and support to Technology Development Units by ensuring compliance with company standards, policies, and procedures, liaising with internal and external auditors and coordinating audit responses. The team needs to expand its capability to address the increasing numbers of vulnerabilities and security issues found in production application environments.
The TISO will have strong technical acumen and should establish relationships with application managers, domain architects, project managers and other disciplines within the Application Technology units. The TISO will be a focal point for ensuring that there is a strong Information Security environment as well as ensuring applications, or systems, deployed in support of a business provide a level of protection appropriate to the class of information managed in those systems.
Risk Management Responsibilities
• Facilitate departmental compliance with all Information Security policies, standards and regulations (Sarbanes Oxley (Sox-404), Operational Risk, Cross-border Data Privacy, GLBA, etc.)
• Conduct Application Security Assessments (ISRP, ACQ/Threat Assessments, EVA/IVA on new, existing and vendor and in-house applications, etc.)
• Review and approve (e.g., unwrapped software, Functional IDs, USB / Local Admin access, SSL Certificates, Firewall Requests, toxic entitlements, etc.)
• Liaise with Business Information Security Officers and application development community to assist in identifying and reducing IS risk within applications to acceptable levels
• Monitor risk mitigation process and risk oversight
• Engender a culture of secure coding practices as part of SDLC process
• Act as a subject matter expert on all aspects of Application Information Security
• Drive execution of directives as mandated by Global IS Organization
Reporting and Governance Responsibilities
• Compile data and prepare application IS risks reports for management
• Analysis and identification of potential non-compliance issues
• Monitor progress of corrective action plans and risk exceptions
• Lead and/or contribute to ad-hoc requests and projects as required
• Act as subject matter expert on Application Information Security topics during Audit meetings
• Identify opportunities for process improvement
• Facilitate compliance to defined standards and develop tools to assist compliance
• Alignment of processes across regions and globally, where possible
• Participation in Corporate and ICG-level working groups
• Propose and implement appropriate emergency access procedures commensurate with Information Security risk.
• Advanced analytical and problem solving skills with use of automation for efficient process execution.
• Exhibit strong influencing / negotiation skills as well as written/verbal communication skills.
• Strong service approach
• Planning and organising
• Delivery focused
• Willing to be involved in all aspects of a task
• Exhibit good attention to detail
Essential Criteria
• Experience in Information Technology
• Experience in Web Development / Application Development / Architecture.
• Experience with Software Development Life Cycle; SDLC a plus.
• Understanding of Operating Systems (e.g., UNIX, Linux, WINTEL), Databases (e.g., Oracle, SYBASE, MS-SQL), and Programming Languages (e.g., JAVA, .Net, C/C++).
• Working knowledge of application security, secure coding, and development tools and practices with expertise in any one or more of the following areas: authentication and encryption solutions, web application security, mobile technologies, application architecture reviews.
• Knowledge of Information Security, IT Risk and Controls
• Knowledge of the company Information Technology Management Standards, Policies and Practices
• Proficient in MS Office products, particularly PowerPoint & Excel
• University degree, or higher, in a technical discipline
• Professional certification, such as CSSLP and CISSP, or willingness to obtain certification within 12-18 months of start date
• Certifications in project management methodologies
Language requirements (including proficiency levels for speaking, reading, and writing):
Strong communication skills in English with regard to speaking, reading, writing and presenting.
Location: Budapest, travelling 10 % of the time
Working hours: normal business hours
Job opportunity: employee position
In case you are interested, please register online. You can call: +36-30-730-2549