VUS

Tóm tắt công việc

Key duties and responsibilities but are not limited to those listed below:

• Lead and manage high, medium and low risk assessments for both supplies and projects
• Perform technical project and supplier risk assessments
• Ensure projects comply with the company’s information security policies
• Consult with stakeholders on key controls and security requirements
• Consult on remediation plans once risk assessments have been conducted
• Act as the main point of contact for all risk assessment and remediation

Strategic Support

• Work with managers to build on an existing information security program and ongoing security projects that address information security risks and compliance requirements.
• Manage the process of gathering, analysing and assessing the current and future threat landscape, as well as providing the managers with a realistic overview of risks and threats in the enterprise environment.
• Lead the preparation of institutional Information Security audits.
• Monitor and report on compliance with security policies, as well as the enforcement of policies across the VUS Campuses.
• Evaluation of compliance with stakeholder requirements, including response to requirement specifications from potential funders such as research councils &government departments.
• Evaluate and update to new &existing policies and procedures to ensure operating efficiency and regulatory compliance.

Architecture / Engineering Support

• Consult with IT colleagues to ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications and software as part of Privacy by Design and Default. Recommend and coordinate the implementation of technical controls to support and enforce defined security policies.
• Research, evaluate, design, test, recommend or plan the implementation of new or updated information security hardware or software, and analyse its impact on the existing environment; provide technical and managerial expertise for the administration of security tools.
• Develop a strong working relationship with the Application, Infrastructure, IT Support to develop and implement controls and configurations aligned with security policies and legal, regulatory and audit requirements.

Operational Support

• Manage and coordinate operational components of security incident management, including detection response and reporting.
• Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans and communicate information about residual risk.
• Manage security projects and provide expert guidance on security matters for other IT projects.
• Evaluate requests for exceptions to policies, ensuring sufficient mitigating controls are in place.
• Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and are in compliance with policies and audit requirements.

Liaison &Networking – Information Security Liaison

• Provide Information security communication, awareness and training to the appropriate VUS staff and students.
• Engage effectively with appropriate external networks and external professional bodies.

Other duties

• Stay abreast of regulatory changes including cybersecurity developments and their impact on IT requirements, including relevant data privacy requirements.
• Continuously improve processes and implement tools for policy management

- Working in a clean, professional environment

- Working 8 hours/day - no night duty.

- Get accident insurance 24/7

- To be paid insurance by the Company according to the provisions of law, social insurance, health insurance, unemployment insurance

- Meal allowance

- Free uniform provided

- Annual salary increase

- Attractive salary and bonus regime, 13th New Year bonus, year-end bonus, overtime allowance.

- Well-trained for all employees

• Bachelor’s degree in computer science or related field or related experience
• Essential criteria Degree or equivalent qualification in Information Systems security or related technical discipline or relevant experience
• Desirable Certified Information Systems Security Professional (CISSP)
• Proven experience in an information security role including experience of developing Information Security policies and plans
• Working knowledge of the Data Protection Act (1998) and the incoming General Data Protection Regulations (GDPR)
• Excellent knowledge and understanding of information risk concepts and principles as a means of relating business needs to security protocols.
• Excellent understanding of information security concepts, protocols, industry best practices and strategies.
• Good understanding of system technology security testing (vulnerability scanning and penetration testing.
• Good understanding of higher education IT and information environment, preferably in security, compliance/audit or infrastructure.
• Excellent communicator able to reduce complex ideas to simple terms and express these both to non-technical and highly technical audiences
• Ability to drive consensus , influence and persuade others to take a specific course of action even when there is no direct line of command or control
• Ability to work effectively and authoritatively with senior managers and colleagues across the VUS campuses
• Experience of analysing complex issues, innovating to resolve problems and thinking strategically
• Demonstrable ability to work in a pressurised environment with conflicting priorities, ensuring that deadlines are met ensure high quality service
• Experience of planning, prioritising and organising the work of yourself and others, delivering to tight deadlines whilst ensuring the effective use of resources