Chief Information Security Officer

Michael Page

Katowice, śląskie

The CISO provides subject matter expertise and guidance in establishing, overseeing and coordinating information security throughout the enterprise and in ensuring compliance with Payment Card Industry Data Security Standard (PCI DSS), Global Privacy Acts/Mandates, and other security requirements.

Client Details

Our Client is an international, very stable and well-known company from the fashion industry that will migrate processes from its subsidiaries to IT Security in Katowice. This American company is growing in the European market and is well-known for high quality, marketing creativity and popularization of new styles.

Description

Scope of work

The main target is to standardize, develop, maintain and assess business processes that impact cybersecurity, and to provide guidance in collaboration with the corporate functions involved in order to:

  • Define proper security governance, understood as the policies, procedures and systems by which the organization manages and controls cybersecurity activities
  • Maintain and develop the cybersecurity governance structure
  • Define with the stakeholders and implement a 36-month cybersecurity roadmap, with quarterly milestones
  • Report to management on the status, plans and investments related to the roadmap mentioned above

Managing relations with institutions on data and information security issues, providing support in the preparation of meetings, deliverables, etc.

Essential Function:

Execute the planning, implementation and management of an enterprise-wide
information security infrastructure. Oversee the establishment, implementation,
adherence to and documentation of all information security policies, procedures,
and processes. Review new or modified PCI DSS requirements and other
federal and state laws pertaining to information security to determine if new
policies and procedures are needed; and monitor related "best practices" and
emerging security technologies for potential application.

Adhere to and achieve regulatory Information Technology (IT) and Security
compliance standards including PCI DSS, European Union (EU) Safe Harbor
Privacy Act, US State privacy regulations, and Sarbanes-Oxley (SOX)
Compliance. Employ generally accepted risk analysis and risk management
methodologies to perform initial and periodic security gap analysis and risk
assessments to determine specific needs for security policies and procedures,
and to evaluate the potential effectiveness and appropriateness of available
security solutions. Serve as an independent auditor for information security
processes.

Oversee the development and delivery of appropriate information security
training/awareness to all members of the workforce, including employees,
contractors, temporary employees, business associates and other third parties.
Develop and manage the organization's information security compliance
monitoring program. Monitor internal control systems to ensure that appropriate
information access levels and security clearances are maintained. Initiate,
facilitate and promote activities to foster information security awareness within the organization.

Certify that information technology systems meet predetermined security
requirements. Consult with users to determine hardware and software functional
specifications for security systems. Serve as the information security liaison for
Human Resources to perform investigations. Analyze security risks that could
affect the global IT computing environment. Review and approve all system-related
information security plans throughout the organization. Respond to all IT
and business unit requests in a timely manner.

Profile

Nature of Experience:

  • Education level: at least a Bachelor's degree with a major in Information Technology,
  • 8+ years working in a complex IT security environment with Public Key Infrastructure, Hardware Security Modules (HSM), Intrusion Prevention System (IPS) and Intrusion Detection System (IDS) security appliances,
  • Problem diagnosis and security optimization in a large enterprise. Familiarity with Payment Card Industry Data Security Standard (PCI DSS) and IT General Controls (ITGC),
  • Familiarity with SOX general operating controls.

Certifications:


Mandatory

  • CISSP (Certified Information Systems Security Professional)

Suggested

  • GPEN

Good to have:

  • OSCE (Offensive Security Certified Expert)
  • OSWP (Offensive Security Wireless Professional)
  • CHFI (Computer Hacking Forensic Investigator)
  • CEH (Certified Ethical Hacker)
  • Palo Alto ACE (Accredited Configuration Engineer)
  • CCIE (Cisco Certified Internetwork Expert)
  • CCDE (Cisco Certified Design Expert)
  • CCNA (Cisco Certified Network Associate)

Job Offer

Benefits will be adjusted according to the position.

Examples of benefits:

  • Private medical healthcare
  • Flexible working hours
  • Training financed by the employer
  • Product discount

Job details

Location: Katowice
Contract type: Permanent (indefinite term)

About Michael Page

Michael Page is a leading professional recruitment consultancy specialising in the recruitment of permanent, contract and temporary positions on behalf of the world's top employers.
