· Develop, manage and ensure adherence to the corporate Information Security policies, standards and procedures. Policies should be based on international standards (e.g. ISO 27001) and on legal and regulatory requirements (e.g. PCI DSS).
· Perform internal audits to detect risks, weaknesses and vulnerabilities in IT infrastructure, corporate applications, business processes and practices.
· Propose and implement measures for improving the IT security level and eliminating IT infrastructure vulnerabilities.
· Direct the software asset management processes.
· Perform risk management related to information security and entire IT operations.
· Direct and monitor the adherence to ITIL practices.
· Monitor and report on breaches of information security or policies or standards.
· Manage all security incidents and manage internal and/or external teams to respond to, resolve and recover from incidents.
· Monitor internal control systems to ensure that appropriate levels of access are maintained, including investigating permission violations and authorizing the removal of access rights as needed.
· Research information security related solutions.
· Ensure all aspects of security and risk management are performed in compliance with relevant regulations.
· Perform application security and penetration testing using proven techniques in mobile, web and application security.
· Implement SAST/DAST/IAST and RASP capabilities into the software development lifecycles.
· Introduce threat modeling practices.
· Drive vulnerability management and reporting.
· University degree in Computer Science, Computer Engineering, Information Technology or related field.
· Professional certification relevant to Information/IT Security/Audit/Governance, e.g. CISSP, CISA, CISM, CGEIT, OSCP.
· Professional certifications and experience in IT infrastructure.
· Sound knowledge of and experience with ISO 27001, PCI DSS and other international standards on information security and processes.
· Sound knowledge of legislation, regulations and international norms related to information assets.
· Experience in developing information technology and security policies, procedures, standards and guidelines.
· Knowledge of and experience in corporate and information risk management.
· Minimum 5 years of professional experience in application security, penetration testing, security assessment, secure software development or related field.
· Experience in vulnerability risk and impact assessment.
· Extensive knowledge of vulnerability scanners.
· Excellent written and verbal communication skills.
· Knowledge of secure software development.
· Experience in exploiting web, mobile and application security vulnerabilities.
· Strong sense of urgency and ownership.
· Supervisory experience in leading information security professi