Security Controls Consultant

Opis:

What we offer

• We are open to the employment form according to your preferences
• Work with experienced and engaged team, willing to learn, share knowledge and open for growth and new ideas
• Hybrid working system – 2 days a week in the office in Cracow
• Mindbox is a dynamically growing IT company, but still not a large one – everybody can have a real impact on where we are going next

• We invest in developing skills and abilities of our employees
• We have attractive benefits and provide all the tools required for work f.e. computer
• Interpolska Health Care, Multisport, Warta Insurance, training platform (Sages)

Wymagania:

Our requirements

• Strong understanding of Security Controls rules in particular, how these are applied in the context of EU Regulations;
• Ability to translate difficult IT concepts into business language;
• Experience with Technology risks and controls.
• Broad knowledge of Cybersecurity – concepts, requirements, operations
• Understanding of metrics and measures in managing risks and controls (KCIs, KRIs, KPIs)
• Excellent written and verbal communication skills with an ability to produce clear and concise reports and control documentation for targeted audiences across internal and external stakeholders.
• Fluent English

Obowiązki:

Your responsibilities

• Conduct comprehensive assessments of applications to ensure compliance with the full spectrum of security controls, identifying gaps between current security measures and desired standards.
• Develop and deliver detailed reports on the current security posture, providing actionable insights and recommendations to bridge any identified gaps.
• Define, implement, and maintain operational control instances, ensuring they are effectively measured and aligned with cybersecurity objectives.
• Collaborate with internal stakeholders to develop and execute remediation plans that address identified vulnerabilities and improve security posture.
• Provide regular, timely, suitable data, reporting and content describing the status, coverage and effectiveness of Cybersecurity Controls for delivery to senior management forums (e.g. Risk and Controls Management Meeting)