Architecture, Policy, Governance and Standards, State and local regulations and
internal audit compliance, Payment Industry related regulations (PCI-SSC
directives)
Broad Knowledge Expertise in Information, Network Application Security
Compliance / Certification, Security Operations
Strong Deep Knowledge of SDLC phases, Tech Tools around that, creation of
Environment for Support and Drive Team
Security Architecture Engineering team in performing vendor bake offs, P vendor
assessments and driving project team members until the solutions are deployed.
Managing Design / Drive Team to implement IT Infra Info Security Quality Processes
(ISO 27001, PCI-DSS v3.2.x, PA-DSS)
Create / Help Create/ Manage / Maintain / Update - Process, Quality, Documents,
Standard for IT Infra and Info Security Objective, and maintain up to date scenario
as per business objective, driving PCI-DSS, PA DSS, Cyber Security and other
required audit / document compliance, and work as Inter Auditor
Creation of run-books and other documentation for various projects and operational
tasks, BCP, DR, Work place recovery, Power maintenance activities.
Process / Audit / Quality / Doc implementation for any of IT related organization
process / framework under - ISO 27001:2013 or latest / COBIT 5 / GDPR/HIPAA / PCI
DSS V. 3.2 / ITIL
Create Plan Drive Security Compliance tasks for Organization Critical Area - Risk
Compliance Process Maintenance (Calendar for Audit, VA, PT, Assessment external /
internal, AppSec) Management Report / Client Handling
Project Management for Security configuration as required (AV solution SIEM
tools and Log Management SolarWinds Solutions)
Mitigating Internal Audit findings by implementing the required remediation also
creating documentation as required.
Plan security tools to help support the Information Security team and other
security related projects.
Lead forensic investigations and Computer Security Incident Response by
coordinating efforts between HR, Legal, Compliance, Global Security, etc. In case
of Gag
Managing / Drive for - Risk Assessment (Asset, Access, Threat, Vulnerability) Risk
Closure drive, VA, PT, Network, Cyber Security, Patches, Security Notification
Management / Drive Team to close
Collaborating and working with respective business units and driving remediation
and providing consulting service related to vulnerabilities.
Possess excellent communication, interpersonal, people management, relationship
management and analytical skills. Experience of working under cross-cultural
environments.
• Support the effective operation of Jumio ISMS within region or function
and associated independent security certification activities
• Manage the process of gathering, analyzing and assessing the current and future
(local / regional) threat landscape, as well as providing a realistic overview of
(local) risks and threats in the enterprise environment.
• Supporting the development and management of (local / regional)
security governance processes and relevant forums that provide visibility
and transparency of Jumio's cyber security risk position with relevant
risk management stakeholders around the business in alignment with the global ISMS.
• Serve as an active and consistent participant in the (local /
regional) information security governance process.
• Work with the Governance Risk and Compliance team, CISO function, technology and
business stakeholders to define metrics and reporting strategies that effectively
communicate successes and progress of the security program.
• Support CISO function to develop budget projections based on (local / regional)
short- and long-term goals and objectives.
• Work with various stakeholders to identify information asset owners to classify
data and systems as part of a control framework implementation.
• Monitor and report on (regional / local) compliance with security policies,
as well as the enforcement of policies within the business.
• Propose changes to existing policies and procedures to ensure
operating efficiency and regulatory compliance and/or amendments to existing
policies and procedures to fit local needs.
• Provide security communication, awareness and training for local, regional
or functional audiences
• Assist (local) resource owners and IT staff in understanding and responding to
security audit failures reported by auditors.
• Support security related incidents and participate in problem and
change management forums.
• Manage outsourced vendors that provide information security functions
for compliance with contracted service-level agreements.
• Consult with (local) IT and IT operations staff to ensure that security
is factored into the evaluation, selection, installation and configuration
of hardware, applications and software.
• Recommend and help coordinate the implementation of technical controls
to support and enforce defined security policies.
• Provide support to security champion networks, security guilds and act
as cascade point of contact into the location, region or function within scope
Qualifications, Experience & Skills Required:
• A minimum four years in an information security role.
• A bachelor's degree in information systems or equivalent work experience; an
M.B.A. or M.S. in information security is preferred.
• A CISSP, CISM, or CISA certification from ISC or ISACA is desirable.
• Experience of working within successful, dynamic Information Security Management
Systems
• Experience in developing and maintaining policies, procedures, standards and
guidelines.
• Experience with common information security management frameworks, such as
Payment Card Industry Data Security Standard (PCI DSS), International
Standards Organization (ISO) 2700x, National Institute of Standards and Technology
(NIST) Cybersecurity Framework, and Adaptive Security Architecture (Gartner).
• Experience of continual, full life cycle, risk management activities
• Excellent knowledge of information security concepts, protocols, industry best
practices and strategies.
• Strong desire and hunger to learn as much as possible along with a willingness
to adapt and evolve to meet the needs of the subjects we manage
• You'll need to have some passion and energy for the subject, we want people
that care about shaping positive outcomes and enjoy working within fast paced
dynamic environment.
• Strong communicator, get your message across well and clearly, people want to
listen to you
• Sophisticated thinking, such as understanding concepts, generating original
ideas, and using logical approaches to address complicated problems.
• Documentation and presentation skills, analytical and critical thinking
skills, and the ability to identify needs and take the initiative are vital
requirements of the role holder.
The IT Security Manager performs two core functions for the enterprise. The first is
overseeing the operations of the enterprise's security solutions through management
of the organization's security analysts. The second is establishing an enterprise
security stance through policy, architecture and training processes. Secondary
tasks will include the selection of appropriate security solutions, and oversight
of any vulnerability audits and risk assessments. The IT Security Manager is
expected to interface with peers in the Systems and Network departments as well as
with the leaders of the business units to both share the corporate security vision
with those individuals and to solicit their involvement in achieving higher levels
of enterprise security through information sharing and co-operation.
Responsibilities
Operational Management
Position Requirements
o CompTIA CySA
o (ISC)2 CISSP
o ISACA CISA
• Produce high quality oral and written work product presenting complex
technical matters clearly and concisely.
Personal Attributes