On behalf of our client, a leading telecoms solutions provider, we are looking for a Governance, Risk and Compliance to be based at their offices in Nicosia, Cyprus.
Main Duties and Responsibilities
- Establishes and maintains a corporate-wide information security management program to ensure that information assets are adequately protected.
- Designs, implements and monitors a strategic, comprehensive enterprise information security strategy and IT risk management program.
- Controls and influences the network security budget and ICT investment decisions.
- Plans regular penetration tests and oversees their implementation with adequate information security suppliers.
- Accounts for the end-to-end lifecycle of information security operations.
- Evaluates the IT threat landscape and devises policy and controls to reduce risk.
- Keeps abreast of developing security threats, and helps the board understand potential security problems that might arise from acquisitions or other big business moves.
- Ensures that the organization is adaptable to evolving compliance regulations
- Establishes a robust crisis communication channel, disaster recovery and risk management system
- Makes sure all the above initiatives run smoothly and within allocated budget
- Provides leadership and clarity about the importance of Information Security
- Understands and interacts with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services
- Contributes to approving the selection, testing, deployment, and maintenance of security hardware and software products as well as outsourced arrangements
- Demonstrates ability to visualize the total process and aids in locating problem areas using process mapping, quality improvement, and visualization tools to locate, quantify, and correct root causes of problems
- Performs periodic evaluations to maintain processes by gathering pertinent information such as problem symptoms, potential causes, and root causes; tracks, analyses and monitors technology performance metrics
Main Requirements
- University Degree in Computer Science, Information Technology, Management Information Systems, Computer & Communication Engineering or any relevant field
- Previous experience of 7-10 years in a similar role
- ISO 27001 Lead Implementer, ISO 27001 Lead Auditor, CISM, CEH or any professional security certification is needed
- Proficiency in Greek and English, French is a plus
- Experienced in risk management, information security and IT
- Proven experience in building technology related strategies
- Solid foundation in security-centric technologies such as DNS, routing, authentication, VPN, proxy services, DDoS mitigation technologies and coding practice
- Thorough knowledge of security systems including Firewalls, IPS, WAF, SIEM, Antivirus, Malware protection and Anti-SPAM Engines
- In-depth expertise in ethical hacking, threat modelling and intrusion detection/prevention protocols
- Thorough knowledge of security challenging systems including Penetration Testing and Vulnerability assessment
- Thorough knowledge of systems including Servers, Switches, Routers, NAS Storage, SAN Storage
- Thorough knowledge in Disaster Recovery and Business Continuity Planning
- General good database and database administration knowledge for MS-SQL and Oracle
- Experience with network topology and configuration (LAN, WAN, WLAN)
Benefits
- Attractive remuneration package
- 21 days annual leave
- Everyday lunch
- Yearly bonuses based on the Company’s and the employee’s performance
- Flexible working hours
- Modern office environment
- Continuous personal development and training opportunities
All CVs will be handled with the utmost confidentiality.