Tasks and responsibilities:
Governs the IT security processes in the ICT sector.
Produces, documents and transfers skills by monitoring the activities of the various sectors and departments. Writes local procedures and raises awareness of security practice issues for the business and the IT sector. Supports management in strategic decisions, focusing on the impacts of IT security.
Conducts investigations in the case of security incidents, analyzing each aspect and, in particular, identifying any critical security issues and incidents that have an impact on the Company Security Plan, culminating in published recommendations and options for solutions to mitigate the risk. Participates in analyses across projects to ensure complete coverage of security requirements.
Maintains constant contact with management, raising awareness of topics and innovations concerning security processes.
Continuously follows world events related to ICT.
OSSTMM and OWASP methodology
Experiences and training:
Engineering degree; Physics; Maths
At least 3 years of experience
In-depth knowledge of the following business areas: Procurement, Operations, IT, Infrastructure, Marketing, Financial, Human Resources. Ability to manage the budget and plan activities.
Experience in delivering quality solutions under demanding deadlines, preferably in the financial services sector (CISSP, CISM).
Extensive knowledge and experience of architectures, technologies and standards including encryption, identity management, PKI, intrusion detection and prevention, firewalls, network and application penetration testing
Knowledge of at least 2 of the following technologies:
ISS Enterprise Scanner
In-depth knowledge of the techniques of:
Understanding and experience in IT and quality standards (ITIL);
Experience in risk management frameworks and related methodologies;
Ability to identify, evaluate, analyze and manage IT risk;
Knowledge of the requirements, techniques and processes of Quality Assurance;
Ability to identify user requirements concerning the 10 IS layers;
Adequate knowledge of legislative, industrial and local policies;
Preferably accredited in one of the following: CISM, CRISC, CISSP, CASP, CEH;
Attendance of courses on ISO-27001 and ISO-9001