Information Security and Governance Officer

This job is no longer active!


Employer: Rompetrol – member of KazMunayGas
  • Others
  • IT Software
  • Job type: full-time
  • Job level: over 5 years of experience
  • Updated on: 27.08.2017

    Short company description

    Rompetrol, part of KMG International, is the place where thousands of minds spread throughout 11 countries are connecting to each other to create the energy we all need to get further. You may think of us as an Oil & Gas powerhouse, which combines the strength of the experienced with the eagerness of the new.
    This is how we grew over the past 40 years into a group of true professionals, specialized in diverse fields of work: Trading, Refining & Petrochemicals, Retail, Industrial Services.
    We believe that through trial and perseverance, true ambition is inspired and success achieved. With this reasoning, we intend to welcome you to our Rompetrol family and help you reach your full potential. So, are you ready to begin or continue your career, in a diverse and fulfilling environment?


    - At least 5 years of experience in adjacent areas such as Security Operations Center, Network Operations Center, System Administrator, Platform/Tool Support Engineer, IT Helpdesk support.
    - Good understanding of the commonly used concepts, practices, and procedures within Information Security with a bonus for ICS / SCADA security knowledge.
    - Good knowledge of local regulations related to information protection, IT and cyber security.
    - Good understanding of application security, secure programming, vulnerability analysis, penetration testing, encryption technologies, intrusion detection and incident response management practices.
    - Excellent understanding of concepts and practical enactment of Information Security Risk Management (control frameworks, control lifecycle, implementation and measurement).
    - Practical experience with deployment and/or operation of the following security solutions:
      - Advanced Endpoint Security solutions
      - Web and Email Security Gateways
      - SIEM systems
      - Data Loss Prevention (DLP) systems
      - Secure Network Access and Identity Services solutions
    - Strong experience in securing Directory Services such as AD, LDAP.
    - Proven previous experience in managing Firewalls, VPNs, IDS or other commercial network security solutions (Cisco, Fortinet, etc.) and excellent understanding of network technologies.
    - Strong experience with network forensics and data preservation.
    - Experience with patching and software deployment technologies.
    - Previous experience in deployment, fine tuning and management of Windows server and/or Unix operating systems.
    - Experience in performing Information Technology technical audits, security vulnerability assessments, system configuration verifications and security related assignments.
    - Experienced in Application and Information Security Architecture.
    - Excellent understanding of ISO/IEC 2700x (PCI DSS, NIST, SAS70 and/or others would be a plus).
    - Experience working in mixed OS, Cloud, SaaS, Web, API and Mobile Application environments.
    - Experience with conducting Threat and Risk assessments and Vulnerability Assessments of IT systems.
    - Industry or vendor certifications from ISACA, ISC2, GIAC, EC-Council, Cisco, Juniper, CompTIA, ITIL, Microsoft, Oracle, etc. are considered a plus (e.g. CISA, CISSP, CISM, ISO2700x, COBIT).
    - Passionate about Information Security, inquisitive, energetic and eager to learn.
    - Good communication, documentation and presentation, interpersonal and team-player skills.


    - Assist in planning, management and execution of vulnerability and risk assessment projects.
    - Analyze new and upcoming security solutions to protect company and customer data.
    - Execution of Threat and Risk Assessments of enterprise IT systems and documenting recommendations on how to mitigate risks.
    - Performing internal security audits against Government and ISO/IEC 2700x standards. Audits may occasionally be required at remote sites, including entities abroad.
    - Researching and tracking information about current security threats and potential vulnerabilities. Initiate escalation procedure to counteract potential threats/vulnerabilities.
    - Assist in managing IT incidents and resulting Security investigations. Acting as initial contact for IT Security related incidents. Ensuring the reporting, investigation and escalation of incidents is completed where appropriate.
    - Assist the Group Security Lead in supporting Procurement function for new acquisitions / purchases and help to manage the relationships with suppliers / partners to assure levels of Security & Continuity capabilities are commensurate.
    - Participate in DLP related incident investigations, determining the cause of the security incident and preserving evidence for potential legal action.
    - Pro-actively identify vulnerabilities and weak security controls, conduct security audits and recommend improvements and corrective actions to the relevant teams.
    - Ongoing development of Security Event Logging retention process at Group level.
    - Assist in performing policy compliance reviews of enterprise IT systems and business application systems.
    - Collecting, monitoring and analyzing Group IT security metrics to measure the effectiveness of ISO's IT security management processes and producing relevant reports.
    - Documenting and updating elements of IT security governance (e.g. policies, procedures, standards).
    - Serve as a point of contact for information security inquiries and audits.
    - Ensuring that security issues identified during internal and other third-party security reviews are communicated to technical teams and that appropriate and up-to-date action plans exist to clear issues.
    - Performing Security awareness and training on both a group and individual basis.