Ogólne informacje

Stanowisko
Information Security Analyst
Wymiar czasu pracy
Pełny wymiar czasu pracy
Miasto
Kraków, Rzeszów
Kraj
Polska
Dział
Business Services Center (PL)
Zespół
Information Technology
Obszar zainteresowania
IT - Development, IT - Services
Tryb pracy
Hybrydowy

Opis i wymagania

Who we are looking for
  • At least 2 years of experience in Information Security area;
  • Comfortable with information technology, systems and data;
  • Knowledge of administrative, technical/logical and physical information security controls;
  • Familiarity with the ISO 27001:2013 family of standards, NIST, COBIT, ITIL is an advantage;
  • Proficiency in Microsoft Office;
  • English – advanced level, both written and spoken;
  • Analytical skills and thoroughness;
  • Good communication skills and service quality oriented;
  • Sense of responsibility and willingness to learn new systems and processes.
Your future role
Documentation Life Cycle Management:

  • Manage the information security document lifecycle process;
  • Maintaining and developing Information Security documentation including but not limited to policies, standard, procedures and guidelines according to DTTL, regulatory, business and security requirements;
  • Periodical review and update of the Information Security documentation;
  • Performing GAP analysis against requirements stated in the Information Security documentation;
  • Acting as a SME in the area of Information Security Policies. It includes but not limited to advice on how to interpret and implement requirements.

Client Security Assistance:

  • Ensuring compliance with Client security requirements through the following:
  • Review and comment of Client Security Questionnaire;
  • Review and comment of Information security related parts;
  • Acting as a SME in the area of Clients’ Information Security requirements assessment process, including close cooperation with Privacy and Confidentiality Office and Legal Department;
  • Support with Client information security audits.
  • Monitoring mitigation status of audit findings.

Change Management:

  • Close cooperation with PMO (Project Management Office) in the area of change management process that requires security involvement.

CISO Office Administration:

  • Maintaining Service catalogue for CISO office
  • Maintaining the list of processes performed by CISO Office
  • Preparation and maintenance maps of processes of CISO office
  • Maintenance of the Security website
  • Support with the Internal and External Information Security audits
  • Close cooperation with Information Security Risk Management Specialist in the area mitigation of the identified risks.

Management reporting:

  • Gathering of information from all CISO team members regarding closed, ongoing and planned long and short-term activities, achievements, challenges and topics that require leadership decision or approval;
  • Preparation of security dashboard for Information Security and Business Continuity Council;
  • Preparation of security dashboard for Reputation and Risk Leader (RRL);
  • Updating information about KRI (Key Risk Indicators);
  • Other reporting activities required by the leadership;
  • Maintenance and update of Security Intranet.

Access Rights Management and Review:

  • Manage of access rights to the resources owned by CISO;
  • Review of access rights to the resources managed by CISO;
  • Review of access rights of all CISO team members.

Data Leakage Prevention:

  • Monitoring of DLP alerts.
What we offer
Selection process
🛋️ Take part in our selection process right from the convenience of your home.

💻 In case your educational / professional background meets the core requirements of the position, we will invite you to a live video interview, that gives us the opportunity to talk to each other just like it was a meeting in person.