We need your expertise if
- You've got a proven track record of getting a company certified under ISO 27001
- You've got experience in an international company
- You're fluent in English
- You have ISO 27001 Internal Auditor or Lead Auditor certification.
- You have 4+ years of experience in information security risk assessment, compliance, or security operations, at least 2 of them in an international company.
- You have extensive experience with relevant security regulations, standards, and frameworks, including ISO 27001 and GDPR.
- You have a proven track record of internal and external IT security audits, and have led and successfully completed ISO 27001 certifications, bringing the certificate to the company.
- You have developed information security policies, set up an ISMS and supporting guidelines, implemented the CIS 20 controls, and derived security requirements from them.
- You understand access modelling, are able to develop and assess access models, and understand segregation of duties.
- You have experience with IAM and SSO solutions and understand the purpose and approaches of IAM, including its key tasks: identify, authenticate, and authorize.
- You have good knowledge of risk management, its purpose and approaches, and are able to evaluate risks and create a risk management plan.
- You understand the OWASP Top 10 and are able to describe the vulnerabilities, how they are exploited, and how they are fixed.
- You have a deep understanding of, and have implemented, vulnerability and patch management. You know vulnerability scanners and are able to validate scan results and provide recommendations.
- You are able to develop and conduct security trainings and workshops
- You have good communication skills and are responsible, proactive, self-organized, and eager to learn
- Experience securing AWS environments would be a plus
What you will do:
- Conduct internal security audits, and create an action plan and practical roadmap based on the audit results
- Develop and enhance an information security management framework to ensure business sustainability
- Build and maintain compliance guidelines. Create policies and standards for IT security and compliance
- Conduct general IT security awareness training for the company staff
- Evaluate and manage corporate risks related to IT security
- Build and maintain application-specific threat models, explicitly apply security principles to design
- Participate in the corporate certification and compliance activities
- Design and implement security architecture and detailed cybersecurity designs together with IT and software development departments
- Prepare and document standard operating procedures and protocols
- Cooperate with Finance and Legal, Sales & Marketing, and Product Management on all security-related topics (audits, contractual compliance, reviews, risk assessments, etc.)
- Keep up to date with developments in IT security standards and threats
We focus on YOU:
- Your Development: 50% reimbursement of approved professional courses
- Your Rest: 20 business days of vacation
- Your Comfort: cozy office downtown
- Great team and product that benefits people
Swiss fintech startup, offering PAYD (pay-as-you-drive) and PHYD (pay-how-you-drive) insurance underwritten by partner insurers
Job posted on 16 July 2021