Senior Information Security Officer

Angajator: UniCredit Bank
Domeniu:
  • Banci
  • IT Hardware
  • IT Software
  • Tip job: full-time
    Nivel job: peste 5 ani experienta
    Orase:
  • BUCURESTI
  • Actualizat la: 18.09.2019
    Scurta descriere a companiei

    In Romania, UniCredit Bank este una dintre principalele institutii financiare, oferind servicii si produse de inalta calitate pentru toate categoriile de clienti. UniCredit Bank isi propune sa mentina permanent clientul in centrul activitatilor sale, sa fie un partener cu care se lucreaza usor si sa fie o parte foarte activa a comunitatilor in care isi desfasoara activitatea.

    Cerinte

    Requirements:
    • University degree in computer science, telecommunications, cybernetics or technical related
    • Minimum 5 years in IT security related environment of at least medium sized computer network
    • Minimum 2 years of banking experience
    • High knowledge of infrastructure and communication devices and software
    • High level knowledge of operating systems: Linux or Unix, MS Windows Servers (user administration, security settings, etc.) and databases
    • Good knowledge of security applications (Firewalls, Proxies, VPN, AV, IPS, DDoS, WAF, DAM, etc.)
    • Working knowledge of security standards and procedures
    • High level knowledge of using MS Windows workstations and related applications

    Competencies:
    • Very good communication skills
    • Team spirit, Fast learner
    • Customer focus, able to perform under stress
    • Problem solving abilities
    • Proactive attitude
    • English language (fluent in both writing and speaking)
    • Very good knowledge of MS Office (MS Word, MS Excel, MS Power Point)

    Responsabilitati

    Responsibilities:
    • Evaluates and approves changes from the established IT security standards
    • Provides security design review and consultancy and evaluation for new initiatives and projects and security UAT approvals before go-live
    • Provide technical recommendations to ensure the security of data processed (encryption, firewalls, etc.)
    • Ensure the security of data processed within the bank (make sure that standards for security are met); suggest new means of ensuring the necessary security levels
    • Provide governance over Identity and Access Management (IAM) processes in UniCredit Bank and collaborate with ICT Management Department to ensure effective controls over IAM processes
    • Ensure user and access rights recertification is performed in UniCredit Bank according to the frequency established (annual) by UniCredit Bank responsible. This includes close monitoring and timely escalation of non-effective activities. Also, this includes performing user and access rights recertification for technical accounts/systems which are to be performed by the Security Office
    • Performs segregation of duties and toxic combination analysis for the entire portfolio of bank applications
    • Responsible for defining security baselines, security plans and procedures for existing and new systems
    • Provides technical support and consultation for enhancement of and change to network and applications security configurations
    • Recommends the implementation of security controls for both Internet-facing and internal applications, infrastructure and services
    • Defines security requirements for new systems and applications
    • Specifies application security requirements for projects and analyses the vendor specifications
    • Performs applications security review, requests high level code design reviews and evaluates security testing results
    • Performs ICT Security risk assessments and review vulnerability testing outcomes of critical applications
    • Identifies risk to corporate and client data with effective risk analysis processes
    • Identify effective controls at all levels of the technology stack and enforce security requirements for protecting data against unauthorized, accidental or deliberate, modification, disclosure, denial, and destruction
    • Fulfills the tasks described in the document containing the tasks & processes related to IT security team, which are assigned by the team’s head, by a Helpdesk software application or are taken over voluntarily
    • All responsibilities of the position holder are completed by internal working procedures & regulations. The job holder is responsible to know and to be updated with procedures in force