The objective of an Information Security specialist position is to ensure that internal and regulatory IS requirements are properly addressed by respective units and perform information security risk management in accordance with the defined operational risk management processes.
Reports to Head of Chief Security Office.
- Act as coordinator and local point of contact in all information security-related topics for the international bank in Russia.
- Act as primary contact with respect to regulators, government agencies, associations, industry groups, business and clients.
- Ensure implementation of Information Security processes, identify gaps, ensure mitigations, and report to the Country Management.
- Monitor the local regulatory and legal environment, to capture new and changed requirements and to provide country feedback to the Regional CISO and Corporate Security Regulatory & Markets engagement team.
- Ensure compliance with local regulatory and legal requirements.
- Support and coordinate internal and external local audits related to Information Security.
- Provide consulting services to partners (IT management and business departments) and vendors regarding Information Security as well as specific Russian legal and regulatory requirements.
- Provide governance on the international bank's Information Security Policies, Standards and processes to partners.
- Support the organization and provide training to the network of Russian Information Security Stakeholders and to the local IT staff.
- Support on their daily tasks and conduct workshop work closely and collaborate with the Information Security Stakeholders, Data Protection, HR, Compliance, Corporate Security and Business Continuity teams, ensure the execution of information security-related awareness program in the bank in Russia.
- Develop and maintain local policies, if required, under the oversight of the Regional CISO and in alignment with the Group’s and any relevant divisional or functional Information security policies to ensure consistency in IS rule setting.
- Participate in realizing Information Security initiatives and programs.
- Ensure local projects involve Information Security at the project start, provide Information Security expertise and ensure participation of central CISO functions where necessary.
- Advise local businesses and other partners on CISO solutions and facilitate service adoption in cooperation with central CISO teams.
- Support Information Security Incident Management as necessary.
- Provide Information Security relevant updates to the country forums, divisions and functions as well as relevant parties.
- Minimum 5 years of experience related to Information and/or IT Security in the banking industry
- Extensive and demonstrated domain expertise of IT and Information Security
- Detailed knowledge in Information Security and/or in Russian IT regulations and legislation
- Expertise in technical security matter (e.g. Network Architecture, Firewalling, Encryption Techniques, IT, Audit and Penetration Test Methodology)
- Fluent English