Information Security Manager
Responsibilities
Development and implementation of Information Security management system:
– Adaptation, development, and maintenance of information security policies, procedures, and standards in accordance with Russian legislation and Global Headquarters requirements (including personal data protection).
– Organization and control of compliance with internal regulatory acts, as well as Russian Federation legislation in the field of information security (compliance).
– Performing activities to increase the maturity level of the company's information security processes.
Operational Information Security management and Infrastructure protection:
– Performing regular monitoring and auditing of systems (including interaction with external and global auditors) to identify deviations and potential threats.
– Implementation of measures to improve the security level of IT infrastructure and information systems.
– Coordination of configuration and maintenance efforts for antivirus tools, firewalls, and intrusion prevention systems.
– Management and control of user access to information systems and resources, including external contractors.
Information Security project activities and expertise:
– Conducting information security expertise for new IT projects, initiatives, and changes.
– Management of projects aimed at improving the Information Security level.
Incident Response and Investigation:
– Monitoring, detection, response, and investigation of information security incidents.
Security Culture development:
– Development and delivery of security awareness activities for employees on information security fundamentals.
– Close collaboration with the global information security team on solution management and implementation of corporate standards.
IT projects and Infrastructure management:
– Participation in the planning and implementation of IT projects related to the improvement of the company's internal and external services.
– Communication with business units on IT matters.
Requirements
– Degree in Computer Science, Information Security, or a related field.
– 3+ years of proven experience in Information Security management.
– Solid knowledge of Russian information security legislation and compliance framework.
– Hands-on experience with configuring and managing security controls: firewalls (Checkpoint/Fortigate/Cisco ASA), antivirus/EDR (Kaspersky/Symantec/CrowdStrike), IDS/IPS (Cisco FMC/Checkpoint/Suricata), SIEM systems (Kaspersky), and access management systems.
– Practical experience in conducting risk assessments, vulnerability management, and security audits.
– Experience in participating in IT projects from initiation to implementation, with an understanding of project management methodologies.
– Professional certifications are a strong plus.
Conditions
– Work in one of the largest international companies
– Official employment, compliance with the Labor Code of the Russian Federation
– Voluntary medical insurance policy (extended with dentistry), life and accident insurance
– Paid sick leave up to 100% of salary
– Meal compensation
– Fitness compensation
– Five-day work week (hybrid work format: one day a week remotely)
– Office in the center of Moscow (7 minutes from Paveletskaya or Serpukhovskaya metro stations)