Description
We are looking for an experienced specialist for the position of Head of the Information Security (IS) Unit. The main task is to ensure a high level of protection of the company's information from external and internal threats by implementing a comprehensive information security program and interacting effectively with key stakeholders.
Responsibilities
- Formulating organizational policy and participating in the development of strategic direction for ensuring information security.
- Managing processes for detecting, preventing, and eliminating the consequences of computer attacks and responding to information security incidents.
- Coordinating the implementation of necessary organizational and technical measures in accordance with the requirements of regulatory bodies (FSB, FSTEC), considering current threats in the information environment.
- Analyzing the company's information security threats and risks, and taking measures to minimize identified risks within the framework of Sberbank's corporate risk management model.
- Monitoring compliance of all business processes with internal and external regulatory documentation in the field of information protection.
- Developing and improving internal regulations and standards for information security, implementing KPIs and monitoring compliance with SLA requirements.
- Organizing effective interaction with business management, IT departments, and the cybersecurity department of Sberbank PJSC.
- Leading information security incident management processes, organizing investigations, and making timely decisions on incidents.
- Preparing plans and budgets for measures to improve the level of information security.
- Monitoring and controlling employees' actions regarding compliance with the confidentiality regime, proper handling of information resources, and information protection.
- Assessing the current state of information security in the company, regularly checking the security of the infrastructure and providing recommendations for its improvement.
- Creating and developing the company's information security architecture, defining and approving key performance indicators for the cyber risk management process.
Requirements
- Excellent knowledge of Russian legislative norms, Russian government orders, Central Bank of Russia resolutions, methodological guidelines of the FSB and FSTEC related to information protection.
- Deep understanding of the specifics of the organization's work, industry features, and modern trends in information security.
- Knowledge of methods and tools for collecting, processing, and transmitting information, using various technical means of protection.
- Ability to effectively configure and use software and hardware information security tools.
- Proficiency in methods for identifying potential information leakage channels, analyzing and assessing the degree of risk for protecting confidential information.
- Experience successfully implementing projects to build information security systems for large companies, and knowledge of domestic and international experience in countering technical intelligence and cyber attacks.
- Proven practical experience in developing the architecture of information protection systems, monitoring, and reporting on key indicators.
Additional Advantages
- CISSP, ISO/IEC 27001, CISM certification or similar professional qualification.
- Understanding of DevSecOps and IaC (Infrastructure as Code) principles.
- Practical experience in designing comprehensive multi-level protection systems for critically important digital infrastructure facilities.
- Higher education in information security, mathematics, cryptography, or related disciplines.
Conditions
- Comfortable modern office near Park Pobedy and Bagrationovskaya metro stations
- Annual salary review, annual bonus
- More than 400 educational programs from SberUniversity for professional and career development
- Voluntary Health Insurance (VHI), preferential insurance for family, and corporate pension program
- Employee mortgage on terms up to 4% more favorable
- Free SberPrime+ subscription, discounts on products of partner companies