Head of Information Security Department at Aeroflot
Aeroflot is looking for a Head of Information Security Department
Responsibilities:
- Regulatory support in the field of Critical Information Infrastructure (CII) (Federal Law No. 187-FZ): categorization of facilities, development of areas of responsibility and security measures for significant facilities (ZOKII), acts, threat models, action plans; interaction with FSTEC, FSB, NKCKI, preparation of incident reports
- Information security risk management: description, assessment, strategy selection (acceptance, reduction, transfer, avoidance); building a risk map
- Development of an information security and cyber resilience strategy for 2-3 years (target state, roadmap, progress metrics); integration of information security into business strategy
- Design and development of a Security Operations Center (SOC) and incident response center: defining event log sources, priority attack scenarios; developing regulations and service level agreements
- Building an incident response (IR) process: classification, escalation, interaction with IT and business, connection with business continuity and disaster recovery plans, interaction with regulators and law enforcement agencies
- Organizing the vulnerability management cycle: regular scans, prioritization, remediation control, reporting to management
- Implementation and development of orchestration and automation systems (SOAR), integration of additional systems (EDR/XDR, NAC, DLP, etc.)
- Building an information security management system (policies, standards, regulations) in accordance with GOST R ISO/IEC 27001, 187-FZ, and industry orders
- Preparation for inspections by regulatory authorities (checklists for CII, personal data), conducting internal audits
- Embedding information security requirements into contractor management (contracts, supplier checks, supply chain risk control)
- Implementation of a secure development lifecycle (SSDLC) for internal and external developers
- Budgeting: calculation and justification of capital and operational expenditures (CAPEX and OPEX), total cost of ownership, economic effect
- Participation in procurement procedures under 223-FZ, preparation of documentation
- Trend analysis (artificial intelligence in information security, cloud security, Internet of Things/industrial control systems, cyber insurance) and assessment of their applicability to the airline
Candidate Profile:
- Higher education in a relevant field (information security, or information technology with professional retraining in IS)
- Over 5 years of experience in information security, including in management positions
- Experience with Critical Information Infrastructure (CII) facilities is mandatory
- Knowledge of Federal Law No. 187-FZ and its bylaws, experience interacting with FSTEC, FSB, NKCKI
- Proficiency in a risk-based approach, building risk maps
- Experience in designing and developing a Security Operations Center (SOC) and an incident response process
- Knowledge of secure architecture principles (network segmentation, zero trust, remote access control)
- Understanding of key classes of security tools (NGFW, EDR/XDR, WAF, DLP, PAM, IAM, backup systems)
- Consideration of import substitution requirements, experience with Russian products
- Experience in building an information security management system according to GOST R ISO/IEC 27001
- Budgeting skills (capital and operational expenditures, total cost of ownership), understanding of procurement under 223-FZ
- System thinking, ability to navigate processes and procedures of a large company, persuasive argumentation skills
What we offer:
- Comfortable workspace
- Working hours: Monday-Friday, 9:00 to 18:00, with a shortened day on Fridays until 15:30
- Voluntary medical insurance with dental coverage from the first month of employment
- Air tickets at special rates for employees and their close relatives
- Additional paid vacation
- Additional payment upon vacation
- Discount program from partners (over 1000 offers)
- Sanatorium rest at the employer's expense
- Cafeteria of benefits (flexible system of benefits and privileges for employees)
- Large-scale corporate activities and events