PRINCIPAL RESPONSIBILITY:

• Ensure that CMIB has an appropriate level of Information Security Services in line with business demands and associated risks
• Assist in the coordination of the various technical, human and organizational resources involved in Information Security
• Provide effective coordination between the relevant contacts within the ROSBANK and SGCIB Information Security organizational framework
• Ensure that information confidentiality, integrity and availability is taken into account with all decisions

DUTIES:

• Follow-up implementation of IT Security plan for CMIB
• Contribution to implementation of technical policies, standards and procedures
• Implementation, application and follow-up of information security governance principles for CMIB
• Perform regular reporting on information security for Rosbank, Societe Generale management
• Participate as a Security Expert in all projects of Rosbank CMIB
• Support and advise management and users on information security topic, informing about the information security risks
• Handling information security incidents in CMIB scope with reporting to CMIB management, Rosbank CISSO, Societe Generale
• Implementation of security controls and analysis of their efficiency and effectiveness
• Monitoring and providing analysis of information security threats and risk
• Staff awareness-raising and training on information security topics
• Control that information security is taken into account in operational and project budgets
• Manage relationships with IT (Rosbank and EMEA), GTS (Russia and International)

RESPONSIBILITY:

In the Rosbank CMIB scope ISO is responsible for

• The security of information,
• The security of applications,
• Ensuring
  
  • The security of systems,
  • The security of networks
  • The security of telecommunication systems,
  • The physical security of computer systems,
• The setup of operating means in degraded mode
• The data back-up strategy,
• The organization and maintenance of security governance,
• The monitoring of audit recommendations relating to IS security,
• The involvement in the setup of the business continuity plan (BCP, disaster recovery).
• Raising user awareness on security issues

JOB REQUIREMENTS:

• Mandatory
  
  • Knowledge of International and Russian regulations and standards on Information Security
  • Knowledge of industrial standards
  • Advanced technical and functional experience in information security
  • Good knowledge of banking (particularly Investment) business processes
• Additional pluses are
  
  • Certifications in information security (CISSP, CISA, etc, Russian certifications)
  • Certification or confirmed experience in Project Management

WORKING EXPERIENCE:

• aAt least 5 years in IT, with at least 3 years of Information Security experience
• Working in large banks (Russian Top 50) or Investment Banking companies.

EDUCATION:

• Higher education in computer science, information security or related areas.

FOREIGN LANGUAGES:

• English – upper intermediate

COMPUTER:

• Professional user of computer, understanding of networking, advanced technical skills
• In OS (Windows, UNIX), DBMS (MS SQL, Oracle)

PERSONALITY:

• Active position, good communication skills, leadership