Information Security Consultant / Auditor

This vacancy is only for Ukrainian residents within Ukraine.

We invite an experienced Information Security Consultant / Auditor to join our team. This position might be a good fit if you are interested in analysing and improving information security processes in modern technological companies.

We are a data security solutions company. Our solutions are well known among security-aware teams worldwide and popular for easily solving complicated security challenges. Apart from building “off-the-shelf” solutions, we design custom security controls for novel problems and handle mission-critical, multi-app, multi-platform distributed systems, addressing serious issues in the world around us.

We work in the B2B space, with customers such as power grid operators, payment processors, legal companies, and million-user customer applications.

Responsibilities:
- Understand the cybersecurity posture of technological organisations and guide them towards improvements.
- Lead our internal cybersecurity programme (improving our security posture) and guide our clients.
- Conduct risk assessment and gap analysis for us and our clients: analyse risk posture, define sensitive assets, describe top risks & threats, identify gaps in security controls coverage, suggest missing controls and policies. Think NIST RMF, NIST SP 800-53.
- Outline organisation-wide and product-wide security roadmaps and plans.
- Select and insist on security controls that would mitigate high-priority risks (NIST SP 800-53).
- Design and draft security policies, procedures, standards and controls in line with regulations and/or relevant standards. Think ISO27K, NIST CSF, SOC 2.
- Assess software engineering processes and suggest improvements based on OWASP SAMM.
- Maintain and review ISMS documentation, suggest improvements.
- Maintain control documentation for relevant risk areas and business/technology processes.

Requirements:
- 5+ years of experience working as a risk & compliance auditor, information security officer, cybersecurity consultant, or in a similar role.
- Sound understanding of industry standards in cybersecurity (NIST, ISO, ITIL, ISF).
- Strong understanding of security and information security controls: which ones solve which problems.
- Good understanding of industry standards in privacy (GDPR, ISO 27018).
- Advanced knowledge of IT general controls (security, change management, disaster backup recovery, data centre, infrastructure, etc.), and IT governance processes (ITIL).
- Bachelor's or Master's degree in Computer Science, Cybersecurity, IT Auditing, Information Systems.
- Upper-intermediate English, written and spoken.
- Ability to work independently and as part of a team in a fast-paced environment.

Nice to have:
- In-depth technical understanding of information security, IoT and hardware, systems engineering, infrastructure, etc.
- Understanding of how large distributed systems are built or how they work. Think power plant control systems at country-scale.
- Desire to work on extremely innovative projects.
- Experience working in a multicultural context.

Hiring Process:
- Test task
- Introduction call
- Technical interview
- Offer

What’s in it for you?
- Competitive compensation
- Hybrid work model: this position allows for a combination of in-office and remote work as needed
- Paid vacation — 21 business days per year
- Paid sick leave
- Combining technologies: cryptography, software engineering, information security
- Conferences, books, and courses if needed.

About Cossack Labs

Cossack Labs provides data security solutions to help innovators protect sensitive data against external attackers, insider threats, and misconfigurations while remaining compliant with regulations.

WHAT WE DO:

We specialize in working with mission-critical, multi-app, multi-platform distributed systems, addressing serious global issues. Our data security solutions cater to large enterprises, startups, and tech-savvy SMEs across various industries, including healthcare, IoT, power grid operators, payment processors, fintech, legal companies, million-user customer applications, decentralized finance systems, AI/ML, and more.

We take on difficult jobs, we take mission-critical software and make it mission-secure.

OUR TEAM:

Operating as a lean core team and a diverse network of experts, we bring together individuals with diverse backgrounds, including PhDs in information security and cryptography, infosec community standard contributors, experts in rare security topics, and business-centric security engineers. Some team members have been in infosec since the 1990s and have witnessed the industry's growth. Others have contributed to writing standards governing security practices.

LEARN WITH US

To see our regular work from an engineer’s perspective, read our Case Studies: https://www.cossacklabs.com/case-studies/. We are actively involved in cryptographic R&D, maintain free open-source software on GitHub (https://github.com/cossacklabs), share engineering experiences in blog posts and at conferences, and volunteer to help Ukrainian companies enhance security resilience during warfare.

JOIN US FOR A JOURNEY OF GROWTH:

As a Cossack Labs engineer, you will engage in slow-paced projects for learning and improvement, internal projects for innovation and tool-building, and, of course, a few challenges because no smooth sea can make a skilled sailor. Discover what works for you and identify areas for growth. Our core engineers undergo extensive indoctrination and training to become disciplined, stringent, and self-sufficient field units who take ownership of outcomes.

HOW TO APPLY:

Visit our website to learn more about the company and check for current job openings: https://www.cossacklabs.com/job/#open-positions.

Company website:
www.cossacklabs.com

DOU company page:
https://jobs.dou.ua/companies/cossack-labs/
Job posted on 10 April 2024