Head of IT Compliance & Security

職務概要

JOB DESCRIPTION - Ensuring IT systems and applications within our organization meet the needs of the business while adhering to security best-practices, compliance and regulatory requirements. - Develop and implement the identification, assessment and mitigation of information security risks. - Develop and issue policies, procedures and guidelines related to information security in line with company's reality (PCI-DSS, ISO 27001,...). - Be a contact point for reporting information security compliance to competent authorities. - Responsible for the day to day information security operation. - Create high quality reports, ready for review by CIO. - Identify potentially unwanted behavior and patterns of abuse on the system, and take steps to moderate and restrict this behavior. - Conduct the Vulnerability Assessment and Advanced Penetration Testing for: Web Application, Mobile Application, Network, Servers, Workstations. - Fight against threats to user safety (such as account takeover, privileged access abuse, fraud, unintentional data leaks etc). - Creating phishing campaigns and performing physical social engineering to obtain system and building access as well as to gather critical documents and information. - Performing code review: static, dynamic, and manual source code review. - Lead Incident Response activity (Identification, Response, Recovery and security incident investigations). - Perform security audits driving industry standard benchmarks. - Provide security guidance and input to engineering and operational teams during design review and threat modeling. - Develop secure coding practices and recommend technical mitigations for development teams. - Develop hardening guidelines and review security configurations. - Design and implement security patterns, systems, tools, infrastructure and frameworks to protect organization’s intellectual property against all types of threat and adversaries. - Secure design, build, assess and operate industry standard data security solutions for cloud hosted and traditional environments. - Implement data security controls to ensure a secure production environment. - Perform data security risk assessments and provide remediation recommendations. - Research and understand external best practices and emerging technologies for possible incorporation into organizational data security practices. - Work closely with key business partners, internal technology teams and external vendors to research, deploy and configure technologies and processes that strengthen the defenses of the enterprise. - Translate highly technical concepts into business impact and make remediation recommendations.