Information Security Manager at Yandex Cloud

The Yandex Cloud Security team is looking for a dynamic expert with experience in building processes and technical security controls to protect complex, rapidly evolving production environments with a large number of proprietary software products.

Your main tasks will lie in organizing protective measures for the technical stack related to a new business direction. The tasks will require a good understanding of regulatory requirements, deep knowledge of modern technologies, as well as a creative and inventive approach.

More about the Yandex Cloud Security division

About the team

Subscribe to the Inside Yandex Cloud Telegram channel to learn more about our team and technologies!

What tasks await you

Managing information security (IS) assurance processes You will create and improve IS assurance processes, develop internal regulations, find optimal ways to reduce IS risks, and interact with the business team, developers, and lawyers within these tasks.

Designing protection systems You will develop architectural solutions and technical protection measures, taking into account the specifics of cloud services and their interactions with each other.

Ensuring compliance with regulatory requirements and internal regulations You will formulate organizational and technical measures to comply with regulator requirements, coordinate threat models, discuss compensating controls with regulators, research and evaluate the feasibility of using various classes of cryptographic information protection tools (CIPT), and participate in developing new versions of requirements.

We expect that you

Have solid technical expertise in infrastructure: virtualization, containerization, key IaaS platform services
Have a good understanding of cloud platform architecture
Have designed protection mechanisms for complex, non-standard environments
Understand the requirements of state and industry regulators in the field of information security
Are familiar with regulatory requirements for information security and data protection
Have worked with mandatory regulatory requirements in the field of information security
Know how to build processes from technical, organizational, and legal perspectives
Can speak the language of developers, lawyers, auditors, and business stakeholders
Understand what risks, controls, and audit are and how they are interrelated

Will be a plus

Have developed in one or more languages: C++, Java, Python, Go
Know and can apply application protection mechanisms in Linux systems and containerization tools
Have conducted source code security audits, understand threat modeling principles and typical insecure programming patterns
Have a good understanding of API security
Have been involved in application penetration testing
Have participated in internal and external audits

Working conditions

Deep immersion in the subject area, complex and strategically important tasks
Flexible schedule
Extended voluntary health insurance program, bonuses, loyalty programs
Meal compensation
Gym and yoga in the office

Contacts

About the team

What tasks await you

We expect that you

Will be a plus

Working conditions

Similar vacancies

Yandex Cloud Infrastructure Developer

Engineer for the Security Team of Verticals

Developer for the Engineering Infrastructure Team Yandex Cloud

Internal IT Audit Manager

Cybersecurity Expert

Senior SRE for Information Security Team

Cybersecurity Expert

Infrastructure Information Security Team Engineer

Methodology and Certification Specialist (Cybersecurity)

Infrastructure and Business Application Operations Engineer

Application Security

Python/Go Security Tools Developer

Information Security Manager at Yandex Cloud

Key Skills

Details

Average salary for this role