Description
An Information Security Methodology Specialist position is open on the Fund's team. The project aims to build a sustainable mechanism for managing information risks and to ensure a high level of information security for the Fund. The role involves active interaction with various departments and carries a high degree of responsibility and autonomy.
Responsibilities
Development and updating of regulatory and methodological documentation
- Participation in the development of Policies, Standards, Regulations, Procedures, and instructions on information security.
- Creation of methodological materials on IS processes (incident response, vulnerability management, access management, ensuring security of critical information infrastructure, etc.).
- Updating documentation taking into account changes in legislation and internal IT architecture.
Methodological support for information security processes
- Building, optimizing, and documenting IS processes (within the framework of Federal Law 187, Federal Law 152, FSTEC Orders 235/239, etc.).
- Participation in the development of requirements for IS systems and technical security tools.
- Participation in the formation of the information security architecture.
Monitoring compliance with security requirements
- Defining control procedures and criteria for compliance with IS requirements.
- Participation in preparing materials for audits and regulatory inspections.
- Participation in controlling counterparty contracts (ECM).
- Participation in IS risk analysis and preparation of compensating measures.
Interaction with departments
- Consulting IT, business, and technical departments on compliance with IS requirements.
- Supporting the implementation of changes to processes and systems from a security methodology perspective.
- Participation in industry working groups, digital transformation projects, and implementation of new applications.
Analytics and Development
- Monitoring changes in regulatory documents of FSTEC, FSB, Bank of Russia, Roskomnadzor.
- Assessing the impact of regulatory changes on company processes.
- Developing proposals for improving the security system and increasing its maturity.
Requirements
- Higher education in IT, IS, or a comparable field.
- Knowledge of RF regulatory requirements:
  - Federal Laws 152, 187, 149,
  - FSTEC Orders 17/21/31/239/235,
  - FSB requirements,
  - Bank of Russia standards (STO BR IBBS).
- Experience in developing and updating IS normative and operational documentation.
- Understanding of IS processes: incident management, vulnerability management, access management, ensuring security of critical information infrastructure, IS audit.
- Experience interacting with IT departments and project managers.
Desirable
- Knowledge of industry requirements of the Central Bank of Russia for financial organizations.
- Experience participating in projects for implementing information security tools.
- Ability to conduct risk analysis.
- Possession of industry certificates.
Conditions
- Hybrid work format, modern office in Moscow, Shabolovskaya metro station;
- Preferential mortgage lending conditions;
- Free subscription to SberPrime+, discounts on products from partner companies: Okko, Sber Market, Mega Market, Samokat, Eapteka, and others;
- Voluntary health insurance from the first day and insurance discounts for close relatives;
- Corporate pension program;
- Children's recreation and gifts at the Company's expense;
- Company-funded training: online courses, unlimited access to a library and training at the Corporate University, training sessions, meetups, and the opportunity to obtain new qualifications;
- Discounts on vacations at the "Mriya Resort & SPA" resort complex in Yalta.