Information Security Consultant / Auditor

This vacancy is only for Ukrainian residents within Ukraine.

 

We invite an experienced Information Security Consultant / Auditor to join our team. This position might be a good fit if you want to analyse and improve information security processes in modern technological companies.

As a company specialising in data security solutions, our products are well-known amongst security-aware teams worldwide and are popular for easily solving complicated security challenges. Apart from building “off-the-shelf” solutions, we design custom security controls for novel problems and handle mission-critical, multi-app, multi-platform distributed systems, addressing serious issues in the world around us.

We work in the B2B space with customers such as power grid operators, payment processors, legal companies, and million-user customer applications.

 

Responsibilities:

  • Understand the cybersecurity posture of technological organisations and guide them towards improvements.
  • Conduct risk assessment and gap analysis for us and our clients: analyse risk posture, define sensitive assets, describe top risks & threats, identify gaps in security controls coverage, suggest missing controls and policies. Think NIST RMF, NIST SP 800-53.
  • Outline organisation-wide and product-wide security roadmaps and plans.
  • Lead the cybersecurity programme (improving security posture) for our clients.
  • Select and insist on security controls that would mitigate high-priority risks (NIST SP 800-53).
  • Design and draft security policies, procedures, standards and controls in line with regulations and/or relevant standards. Think ISO27K, NIST CSF, SOC 2.
  • Maintain and review ISMS documentation, suggest improvements.
  • Maintain control documentation for relevant risk areas and business/technology processes.

 

Requirements:

  • 5+ years of experience working as a risk & compliance auditor, information security officer, cybersecurity consultant, or in a similar role.
  • Sound understanding of industry standards in cybersecurity (NIST, ISO, ITIL, ISF).
  • Strong understanding of security and information security controls: which ones solve which problems.
  • Good understanding of industry standards in privacy (GDPR, ISO 27018).
  • Advanced knowledge of IT general controls (security, change management, backup and disaster recovery, data centre, infrastructure, etc.) and IT governance processes (ITIL).
  • Bachelor’s or Master’s degree in Computer Science, Cybersecurity, IT Auditing, Information Systems.
  • Upper-intermediate English, written and spoken.
  • Ability to work independently and as part of a team in a fast-paced environment.

 

Nice to have:

  • In-depth technical understanding of information security, IoT and hardware, systems engineering, infrastructure, etc.
  • Understanding of how large distributed systems are built or how they work. Think power plant control systems at country-scale.
  • Desire to work on extremely innovative projects.
  • Experience working in a multicultural context.

 

Hiring Process:

  • Test task
  • Introduction call
  • Technical interview
  • Offer

 

What’s in it for you?

  • Competitive compensation with bonuses
  • Hybrid work model: this position allows for a combination of in-office and remote work as needed
  • Paid vacation — 21 business days per year
  • Paid sick leave
  • Work at the intersection of cryptography, software engineering, and information security
  • Opportunity to contribute to mission-critical projects
  • Reimbursement for courses, certifications, and books
Published 28 March