Virtual CISO Еxpert

The Virtual CISO expert engages with AMATAS customers to successfully implement and manage cybersecurity strategy and program. The VCISO expert provides our customers with the leadership needed to manage their risks more strategically, foster a secure digital workplace culture, and transform cybersecurity from technical support and compliance enforcing role into a business-enabling driving force.

The VCISO core responsibilities are:

• Acting as a virtual CISO to a number of clients, leading, advising, and supporting their multi-year cyber security programs
• Working with the client’s management and technical teams, undertake risk, controls, and compliance assessments
• Undertaking information security gap analysis and audits against established standards and regulations such as ISO 27001, NIST, SANS CSC, and the GDPR
• Writing and presenting detailed findings and recommendations reports, providing added value and thought leadership
• Strategy
• Creating and reviewing risk management and information security frameworks and policies
• Chairing information security committee meetings with clients
• Assessing third-party Supply Chain Risk and Compliance
• Lead And Coordinate Cybersecurity Incident Response
• Plan CISO Service Delivery
• Measure project performance using appropriate systems, tools, and techniques
• Manage the relationship with the client and all stakeholders
• Create and maintain comprehensive project documentation.

Qualifications and Skills:

• Ability to translate technical issues into business terms
• Commercial and technical understanding of information security frameworks and eco- systems
• Experience in leading, implementing, and managing cyber security programs
• Knowledge of common IT risk and controls standards such as COBIT, COSO, ISO 27001, ISO 3100, and SANS CSC
• Knowledge of at least one risk assessment methodology
• Understanding of the range of technical IT and business controls available to protect the Confidentiality, Integrity, and Availability (CIA) of data
• Understand customer environments and be able to work with both technical teams and senior management to identify issues and risks
• Excellent customer relationship skills, creation and presentation skills
• Awareness of common attack vectors such as hacking, malware, DDoS, etc.
• Knowledge of common application vulnerabilities and mitigation approaches
• A commitment to personal development and keeping a current knowledge of the security industry threats and best practices
• Knowledge and experience of cloud security.

Advantages:

• Certified Information System Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Certified in Risk and Information Systems Control (CRISC).

Valued Additional Qualifications:

• IAPP CIPP/E
• IAPP CIPT
• PCI DSS QSA or ISA
• GIAC Systems and Network Auditor (GSNA), International Register of Certificated Auditors (IRCA), Information Security Management System Auditor (ISMS) or Certified Internal Auditor (CIA).

Benefits:

• Competitive remuneration package
• Additional health insurance
• Corporate discount vouchers
• Continuous training programs
• Certification in the field of cybersecurity
• Additional health insurance and group health care program, flexibility & work-life balance, yoga at the office, free fresh fruits, company and group discounts, teambuildings.

In case you recognize yourself and would like to be part of a great team, do not hesitate, but apply!