Job Accountabilities:
- Provide support in the identification and evaluation of risks, particularly when evaluating the risk and controls of high-risk systems and applications. Support and maintain IT security policy compliance and implementation in company computer network.
- Responsible for the measuring and tracking of in-place controls to support compliance in the protection of information assets. Plan and implement the security activities in IT Infrastructure with purpose of delivery its confidentiality, integrity and availability.
- Facilitate the implementation of process changes to address emerging technology and information risk requirements or address weaknesses discovered through monitoring, testing, or audit procedures. Organise protection against the non-authorized access, copying and distribution of information, processed and stored in company computerised systems.
- Provide technical expertise and assistance with the design, deployment, and maintenance of security solutions. Carry out the works on protection of company operational information resources against the non-authorized access, and ensure systems security.
- Carry out internal information security investigation in cases of contradicting to policies and procedures established in company.
- Review risks and controls assessment results and communicate key concerns and questions to the application/systems data owners.
- Perform work on implementation of special technical and software security measures, enabling organisational and technical measures of information systems security, to carry out testing and research with the purpose of finding and selecting the most practical solutions.
- Participate in the risk assessment to periodically re-evaluate sensitivity of the system, risks, and mitigation strategies. Carry out selection, studying and generalisation of normative and methodical materials of security tools and mechanisms.
- Initiate and conduct Information Security related Projects.
- Participate in the project’s preparation, planning and scheduling for technical security activities, as well as in development of the necessary technical documentation.Develop, revise procedures and perform experimental research on technical security and information protection.
- Develop and regular updating of related Information Security technical documentation.
- Carry out a comparative analysis of research and test data, to define possible sources and channels of information leakage.
- Perform technical maintenance of information security systems, to take part in preparing the recommendations and proposals on security measures and efficiency improvement.
- Perform control checks of systems operability and efficiency, to prepare the acts of control checks, to analyse the checks results; to develop proposals on security measures efficiency improvement.
- Study and summarise the other companies experience on use of hardware and software information protection approaches with purpose of security efficiency improvement and commercial classified information protection.
Required Competences:
- good knowledge of Microsoft Windows OS, Microsoft SQL, Linux OS, including Security Systems and Services;
- knowledge of scripting programming languages like PowerShell, Bash, Python
- TCP/IP networking and communications background including security;
- Kazakhstan and international legislation in Information security area.
- practical experience of work with security hardware and software; as well as with products’ vendors and service companies;
- good verbal and written communication skills in English;
- highest level of credibility and ability to maintain highest confidentiality
- must be able to communicate at all levels with various operational units and with variety of nationalities.
Conditions:
Aksai, WKO
5/2
CV send to: This email address is being protected from spambots. You need JavaScript enabled to view it.