Ensures that the risk to DOKU’s information posed by a variety of cyber threats (cyber-attacks, theft or corruption from within, etc.) is minimized. When cyber-attacks occur or data is stolen or compromised, these incidents are dealt with promptly and effectively, and the chance of that particular type of incident recurring is minimized.
Implement and administer systems and procedures to ensure the protection of information processed, stored and transmitted
Ensure business relationships involving third parties, outsourcing and consultants meet DOKU’s Information protection requirements
Ensure that all highly sensitive & restricted information is identified as required by the policy & all applicable standards are followed
Resolve moderately complex issues regarding information systems security, including access control administration and violation analysis.
Assist in identifying security risks and exposures, including security violations by participating in security reviews, evaluations and risk assessments.
Collect and compile historical data on system access and generate reports and analyses
Record and respond to security incidents
Vulnerability scanning with credible security tools
Device control & Software control administration
Monitor compliance with Security Standards (PCI, ISO 27001, CyberSecFramework) and conduct regular reviews
Information Security Awareness training
Maintain strong, effective partnerships with component teams as well as subject matter experts
Maintain a positive attitude and professionalism while dealing with difficult partners
A bachelor’s degree in information technology or computer science is required
3-5 years of relevant experience within the IT Security or banking field would be attractive
System and Technology experience in a multi-national company preferable
IT Security and risk management experience
Knowledge of, and experience with, networking protocols and cyber security incident types such as denial-of-service attacks, malicious software infections, active intrusion techniques, and misappropriate use scenarios would be an advantage
Strong analytical, written communication, interpersonal, and presentation skills
Certified in information security (CISSP, CSSLP, CCFP, CISM, etc.) or comparable work experience will be given preference. Risk analysis/assessment experience a plus.
Strong understanding and demonstrated experience using IT control methodologies and standards
Demonstrate knowledge in one or more critical areas of technology including operating systems, data centers, and network technologies (routers, switches, firewalls)
Experience with Microsoft Windows Server/Unix server required. Microsoft Project experience preferred.