Information Security Officer
Established in 1994, TotalSoft is one of the most important providers of business software systems (ERP, HCM, CRM, DM and BI) in Central Europe.
TotalSoft is the preferred ERP solutions provider in Romania and one of the top 10 global providers of software solutions for the leasing industry. TotalSoft’s top products, Charisma ERP and Charisma HCM, are market-leading products in Romania, with relevant references in 8 industries: financial services, retail, distribution, production, construction, agriculture, medical and services.
Currently, TotalSoft has a team of +500 software specialists and projects in 45 countries on 4 continents.
In autumn 2016, TotalSoft was acquired by Logo Business Investment S.A. (Logo), the largest independent software provider in Turkey. With over 35 years of experience, Logo is one of the fastest growing software companies, delivering innovative solutions and services through more than 800 partners. The company is present on 45 international markets serving over 90,000 customers in Europe, Middle East, Africa and Asia. Logo is the first publicly traded IT company in Turkey.
For more information, please access: totalsoft.ro, charisma.ro and logo.com.tr/en.
What you need to succeed:
Understanding of IT Security Policies and Procedures, IT Security Standards (ISO 2700x family of standards), Regulations (GDPR, NIS), Frameworks (OWASP, NIST, etc.)
Understanding Windows-based environments and products (Windows Server, SQL Server, IIS etc.)
Understanding network components and configurations (Firewall, Router, Switch, VPN, IPS/IDS, Proxy, etc.)
Understanding cloud deployment models (SaaS, PaaS, IaaS, private, public)
Understanding overall Threats, Attacks, and Vulnerabilities (Social Engineering, Service Attacks, Cryptographic Attacks, Untrained Users, etc.)
Understanding Identity and Access Management (AAA, SSO, RADIUS, Access control models, Permission auditing, etc.)
Understanding Risk Management (Risk Assessments, Asset Management, Change Management, etc.)
Understanding SDLC models and Application-specific Vulnerabilities (SQL injection, XSS, etc.)
Understanding Agreement types – NDA, DPA, SLA, etc.
Understanding Disaster Recovery, Business Continuity, and BIA concepts
Understanding basic concepts of Cryptography (Symmetric / Asymmetric algorithms, Cipher modes, Hashing, Cryptographic protocols, etc.)
Understanding command-line tools (netstat, tcpdump / wireshark, nmap, netcat etc.) and vulnerability scanning tools (Nessus, Qualys, etc.) is a plus
What you will do:
Assess the overall security posture of an organization, identify potential risks and opportunities, propose measures to mitigate risks
Work with the IT Support Team to help implement and verify security measures: patch management, system and device hardening, asset management, change management, network security
Conduct vulnerability tests on various environments and create reports containing remediation plans
Create and update: IT Security policies and procedures; IT Security awareness materials for users of the organization’s IT networks and systems
Represent the organization in ISO surveillance and recertification audits
Prepare Disaster Recovery and Business Continuity Plans and conduct tabletop and functional tests
Work with DPO and Legal Advisors to review various Clients’ contractual security requirements
Work with Clients’ IT Security Officers to identify gaps and improvements on hosted systems provided to Clients (multi-layered Windows-based environments: Database, BI, Application, etc.)
Provide answers and evidence for Clients’ security questionnaires or other externally requested audits
We offer a motivating package:
Professional and friendly working environment
Training and on-going development opportunities
Exposure to challenging projects in various industries both local and international
Private medical services
What recommends us?
We do things with energy, passion, and curiosity, and we are backed by our culture of innovation. We offer a diversified range of activities in an international environment as well as a dynamic team with ambitious, yet realistic, objectives for the future, promoted by an open team and communication culture.