Luxoft is looking to hire an information security officer for a SaaS (FCI) product offering aimed at financial services organisations. The security officer oversees and coordinates security efforts across the SaaS offerings, including departments such as corporate cyber security teams, information technology, legal, finance management and other groups, and identifies and establishes security initiatives and standards for all SaaS offerings. The information security officer is responsible for planning, directing and coordinating the SaaS offerings' information security policies, and for setting procedures and guidelines to ensure that all information systems are functional, secure and safeguarded and comply with the privacy, customer trust and information security laws and regulations applicable to financial institutions. The security officer is also responsible for working with key individuals throughout the organization to develop business cases for new security projects and to assess the risk of existing and planned information systems.
Additionally, the information security officer is responsible for providing leadership as well as ensuring the technical and administrative support for the development of Disaster Recovery and Business Continuity programs for the bank. The role is hands-on.
- Develop strategy on security for SaaS offerings and based on that, create/modify security policies, procedures and any other required artefacts
- Identify gaps in SaaS offerings security architecture and create a plan to close the gaps by means of updated processes, procedures, industry certifications etc.
- Lead the response to clients' questionnaire on SaaS offerings
- Monitor access to all systems and maintain access control profiles on computer network and systems. Track documentation of access authorizations to all resources.
- Develop and/or maintain appropriate Segregation of Duties within and across applications.
- Research and investigate measures that address data security risks and potential losses for reporting purposes.
- Work on determining acceptable risk levels for the enterprise and ensuring the IT environments are adequately protected from potential risks and threats.
- Participate in development and implementation of the appropriate and effective controls to mitigate identified threats and risks.
- Follow up on detected security issues and implement solutions to reduce security risks
- Assist in the research, development, communication, maintaining and working with the operational units on the enforcement of IT security architecture, policies, procedures, solutions and standards.
- Oversee incident response planning as well as the investigation of security breaches, and assist with disciplinary and legal matters associated with such breaches as necessary
- Support improved data security awareness and education including on-call availability.
- Responsible for staying abreast of the latest industry security practices and technologies
- Meet with clients and Business Owners to analyze, document and define requirements associated with new development or maintenance and enhancements to existing security roles and permissions. Review completed roles/permissions with users to ensure requirements are fully met.
- Deliver services that meet regulatory specifications. Work with internal and external auditors to document and confirm that all security administrative duties are properly performed as well as demonstrate overall compliance.
- Ensure project and client alignment with company security standards where applicable.
Who we're looking for?
- A Bachelor's degree in computer science or a related field, and a minimum of 5+ years of progressive experience in information security for SaaS offerings
- Familiar with Cloud Security
- Must be an intelligent and persuasive leader who can serve as an effective member of the senior management team and who is able to communicate security-related concepts to a broad range of technical and non-technical staff, acting as a bridge between IT and business process owners.
- In-depth knowledge and experience in the following information security areas:
  - Information security assessment and auditing procedures, from both technical and business perspectives, and the use of formal methodologies
  - Vulnerability scanning and auditing tools
  - Enterprise-scale network and host-based IDS architectures
  - Enterprise-scale firewall architectures
  - E-commerce application security
  - Computer investigation and forensics methods and technologies
  - Secure messaging architectures
- Strong knowledge of regulatory bodies, and the regulations and guidance issued by these bodies
- Must possess strong project management and leadership aptitude; demonstrated professionalism in managing multiple projects and resources effectively.
- Should have experience with business continuity planning, auditing, and risk management, as well as contract and vendor negotiation.
- Outstanding communication skills: must be proficient in communicating across all levels of the organization as well as building successful relationships
- Certification such as CISA, CISM or CISSP (or willingness to pursue)
- Project Management