Develop and implement
information security audit processes for application
software/networks/systems and oversee ongoing audits to ensure that
operational processes and procedures are in compliance with organizational
and mandatory security requirements and accurately followed by Systems
Administrators and other cybersecurity staff when performing their
day-to-day activities
Develop methods to monitor and
measure risk, compliance, and assurance efforts
Oversee, evaluate, and
support the documentation, validation, and accreditation processes
necessary to ensure new and existing information technology (IT) systems
meet the organization’s information security requirements. Ensure
appropriate treatment of risk, compliance, and monitoring assurance from
internal and external perspectives
Develop and document supply
chain risks for critical system elements, as appropriate
Participate in the acquisition
process as necessary, following appropriate supply chain risk management
practices
Provide enterprise information
security and supply chain risk management guidance for development of the
Continuity of Operations Plans
Interpret patterns of
non-compliance to determine their impact on the enterprise's levels of
risk and/or the information security program's overall effectiveness
Participate in Risk Governance
process to provide security risks, mitigations, and input on other
technical risk
Draft and publish security
policy
Document and manage an
enterprise technical risk register prioritizing and managing technical
risks throughout the system lifecycle
Perform security reviews,
identify gaps in security architecture, and develop a security risk
management plan
Provide input to the Risk
Management Framework (RMF) process activities and related documentation
(e.g., system lifecycle support plans, concept of operations, operational
procedures, and maintenance training materials)
Develop, plan, coordinate,
deliver, and/or evaluate instructional cybersecurity content using
various formats, techniques, and venues
Candidate requirements
Minimum Bachelor’s Degree in
Information Technology, Computer Science, Information Security or Applied
Mathematics or at least 3 years of
experience in Information Security
Knowledge of cryptography and
cryptographic key management concepts.
Knowledge of known
vulnerabilities from alerts, advisories, errata, and bulletins.
Knowledge of information
security principles and organizational requirements to protect
confidentiality, integrity, availability, authenticity, and
non-repudiation of information and data.
Knowledge of Risk Management
Framework (RMF) requirements.
Knowledge of current industry
methods for evaluating, implementing, and disseminating information
security assessment, monitoring, detection, and remediation tools and
procedures, utilizing standards-based concepts, and capabilities.
Knowledge of system diagnostic
tools and fault identification techniques.
Skill in identifying measures
or indicators of system performance and the actions needed to improve or
correct performance, relative to the goals of the system.
Knowledge of Personally
Identifiable Information (PII) data security standards.
Knowledge of applicable laws
(e.g., Electronic Communications Privacy Act, Foreign Intelligence
Surveillance Act, Protect America Act, GDPR), Azerbaijan Law of Privacy,
Presidential Directives, executive branch guidelines, and/or
administrative/criminal legal guidelines and procedures relevant to work
performed.
Knowledge of information
technology supply chain security and risk management policies,
requirements, and procedures.
Knowledge of local specialized
system requirements (e.g., critical infrastructure systems that may not
use standard information technology [IT]) for safety, performance, and
reliability.
Skill in evaluating the
trustworthiness of the supplier and/or product.
Knowledge of relevant laws,
policies, procedures, or governance related to work impacting critical
infrastructure.
Knowledge of network security
architecture concepts, including topology, protocols, components, and
principles (e.g., application of defense-in-depth).
Knowledge of security
architecture concepts and enterprise architecture reference models (e.g.,
Zachman, Federal Enterprise Architecture [FEA]).
Knowledge of an organization's
information classification program and procedures for level information
loss.
3+ years’ experience in the
Information Technologies, Telecommunication or Information Security sphere
Knowledge of Languages:
English (fluent), Azerbaijani (fluent), Russian (intermediate)
Microsoft Office skills
Information Security
Organization and Technologies
Enterprise Systems and
Networks
Telecommunication Systems and
Networks
International certifications
in Information Security such as CISSP, CEH, CISA, CISM, CCNP Security are
desirable