Group IT Security SME Madrid (Madrid)
- Ref: 2544372
- Madrid (Madrid)
- 19 hours ago (Updated)
Full-time - Contract type not specified - Salary not specified - At least 5 years of experience
Company with over a hundred years of experience. We are the leading operator in the Spanish road passenger transport sector, with national and international presence. At Alsa, more than 8300 professionals work across Switzerland, Morocco and Spain. Grow with great professionals!
Offer open until: 20/10/2019
The person selected for the position will be responsible for carrying out the following functions:
- Assess and evaluate third party suppliers through defined instruments to establish their IT security position, identify associated risks and communicate the outcome to relevant stakeholders
- Support activities concerning IT security assessment of prospective acquisitions of companies to determine any gaps that require mitigation and communicate risks to the appropriate stakeholders
- Evaluate IT security advisories and determine actions to assign them to an appropriate team
- Supervise and coordinate the penetration testing and vulnerability scanning activities executed by a third party provider
- Provide advice to projects and initiatives in the form of IT security requirements
- Respond to IT security incidents, suspicious activity or alerts to prevent adverse impact to users, processes, systems or data
- Support current IT security initiatives in-flight to successfully take them to completion
- Own and advise on IT security in corporate forums such as Change Advisory Board (CAB), Technical Design Authority (TDA) and ISO27001 committees as applicable
- Advise business functions on compliance requirements for relevant frameworks (such as PCI DSS, GDPR and ISO27001)
- Review and provide input on corporate documents concerning IT security, such as policies, supplier contracts, service contracts and data processing agreements
- Participate in meetings where IT security support is required, including project, debrief, catch-up, supplier, security testing and any other as applicable
- Appraise IT security risks, manage the IT security risk register and, where applicable, support and coordinate ISO27001 compliance activities
- Create summaries, updates and reports with the relevant periodicity required according to the IT security process
- Act as a point of contact for ad-hoc enquiries, troubleshooting issues and general support concerning IT security
- Communicate proactively and effectively with all stakeholders, internal teams, suppliers and any other involved party in the IT security processes
- Liaise with the wider IT security representatives at a Group level to exchange knowledge and contribute to the wider strategic and tactical initiatives
The ideal candidate will have the following skills and experiences:
- Significant experience in corporate IT security in large and diverse organisations (5-10 years)
- A recognised certification in IT security (CISSP and/or CISM, or equivalent)
- Understanding of ISO27001, CIS controls, NIST Cyber Security Framework, PCI DSS and GDPR
- Ability to analyse from a technical point of view an IT solution to identify appropriate IT security controls
- Ability to identify potential weaknesses on a given IT solution (e.g. through threat modeling and/or risk assessment)
- Ability to define or assess IT security requirements for an IT solution in a written format for consumption of other stakeholders of the development or deployment pro
- Ability to assess IT security incidents, IT security advisories and IT security issues collating technical and functional information to define mitigating actions
- Ability to communicate technical findings or vulnerabilities in plain language to varied audiences across the organisation
- Ability to create, review or amend corporate documents related to IT security including but not limited to policies and legal contracts
- Ability to support conversations with a broad set of stakeholders, including but not limited to, project managers, third party suppliers, technical teams and functional teams
- General technical knowledge including but not limited to networks, operating systems, databases, application servers, web servers, cloud security (e.g. multi-tenancy, public/private implementations, SaaS, PaaS, IaaS), end-point security (e.g. hardening, anti-malware), web application security (e.g. OWASP), network security (e.g. IDS/IPS, SIEM, DDOS mitigation and WAF) and penetration testing
- Demonstrable success in influencing stakeholders to manage conflicting schedules, demands and priorities
- Experience in multi-leveled organisations to identify and manage IT security risks
- Experience in working with multiple suppliers and partners responsible for areas of delivery
- Self-sufficient and dynamic individual who is able to hit the ground running
- A passion to get involved with technical challenges and broaden skills and abilities
- Excellent English verbal and written communication skills
At ALSA we promote professional growth. Do not hesitate to join a company with more than 8,500 employees and an international presence. Take advantage of this great opportunity!
Technology and IT