Information Security

• Implementation of security organization, security rules and processes
• Localization of security materials and documentation (e.g. local policies and procedures)
• Reporting of security situation to management functions on local and CEE level (reporting to local management; main contact with CEE and local Security Officer for security topics)
• Performing reviews and vulnerability management to verify effectiveness of implemented controls
• Follow up of mitigation of security risks and incidents
• Participation on security related projects and collaboration on security part in all other projects
• Performing and cooperation on security reviews of external partners
• Application and services classification and inventory (CIAT, ASIF inventories): creation, maintenance and review of the deliverables

Business & IT Continuity

• Organization and providing security awareness to all relevant parties (employees, management, BCP actors)
• Participation on definition of BCP solutions and cooperation on ICP solutions
• Organization of security relevant exercises (e.g. BCP exercises, IT continuity exercises)

People and Premises Security

• Physical security and fire protection: definition of requirements, monitoring and action plan follow-up
• Organization of Emergency response awareness sessions for Emergency response team

General Responsibilities

• Reporting : completion of regular indicators and reports
• Identification of security needs for day2day activities
• Cooperation with all departments on security relevant topics (mainly IT and OPS)
• Ad hoc tasks assigned by the line manager

• Minimum of 1+ years in Security Area (Information Security, CyberSecurity)
• Ability to work effectively with business managers and IT operations staff
• Experience with common information security management frameworks such as international Standards Organization (ISO) 2700x, NIST Cyber Security Framework
• Strong analytical skills to analyse and understand security requirements and being able to implement or execute appropriate security controls
• Experience in system technology security testing (vulnerability, scanning and penetration testing
• Experience in server management basics
• Basic log management skills for servers and LAN
• Basic experience with ITIL framework
• An understanding of the business impact of security tools, technologies and policies
• Experience working with legal, audit and compliance staff
• Excellent verbal, written and interpersonal communication skills, including the ability to communicate effectively with various Cardif personnel e.g. Operations, IT, Security
• English proficiency at C1 level

Előny:

• Experience in the field of privacy (adatvédelmi területen)
• Basic knowledge of GDPR legislation
• Knowledge of data subject's rights
• Good communication and collaboration skills with colleagues, departments and department heads