Site Information Security Officer
Internship Catania (Catania) IT development
Job description
General information
Reference
2020-5619
Job level
40 - Experienced
Position description
Posting title
Site Information Security Officer
Regular/Temporary
Regular
Job description
The purpose of the job is to ensure that the ST information security framework is deployed at the site, with the objectives that information security risks are known and managed appropriately.
The risks considered are those affecting the Confidentiality, Integrity and Availability of Company data hosted on computer systems (servers, PCs, mobiles, IT applications, SaaS…) and the cyber-attacks against industrial devices used for Company business.
Main activities:
Infosec assurance at the site
Perform regular reviews to detect gaps at the site vs. InfoSec framework
Build and maintain the site InfoSec risks log, taking inputs from audits, site InfoSec reviews, requests from departments at the site, requests from Central InfoSec, site InfoSec survey, incident or anomalies
Run the site InfoSec survey organized by Central InfoSec, ensuring complete, accurate and timely response
InfoSec governance and support at the site
Regularly report the InfoSec posture of the site to site management
Support all functions at the site in implementing the InfoSec framework
Be the primary interface for the site with Central InfoSec, including for site-based InfoSec audits (certification, customer, internal) and actions triggered by Central InfoSec
InfoSec technical reference at the site
Ensure that the technical architecture at the site is maintained, especially for the cyber security zones
Participate to relevant IT CAB(s) at the site and help building work orders for the SOC
Site services and local solutions
Ensure security in local IT solutions / industrial solutions, site services (such as physical security, facilities and canteen systems), labs and warehouses
Ensure that site services follow the security procedures (security in contracts, connection to ST network, security for cloud services…)
Provide the required infosec support to achieve the above objectives
Security awareness
Promote InfoSec awareness campaigns and materials within the site, leveraging upon the initiatives at company level from Central InfoSec
Pro-actively propose initiatives to raise InfoSec awareness and, after agreement with Central InfoSec, deploy them within the site
Promote within the site the need to report InfoSec incident or anomaly using the right reporting channel
Use all opportunities to raise InfoSec awareness through the communication channels available at the site
Security incident management
Report InfoSec incidents and anomalies to Central InfoSec
Provide timely answers to CSIRT queries and help resolving cases
Infosec day to day operations
Support the preparation of security exception requests
Review requests at the site that require site InfoSec officer approval
Profile
This position is for a cyber-security professional with 5-10 years of experience covering several domains of information security.
Ability to cover the entire scope of information security
Expertise in several domains of cyber security (such as network, system, application, incident management, awareness, vulnerability management, audit and risk assessment…)
Experience in delivering security training and briefing sessions with management
Ability to interact with people at all levels of the organization
Excellent facilitation, communication and influence skills
Ability to treat several topics in parallel, to "clarify the unknown", to translate technical aspects into risks and to communicate on those risks
Ability to consider short-term as well as longer term actions and to anticipate.
Trustworthy and Rigorous.
High level of autonomy and pro-activity
- Bachelor in information security or equivalent
- Security certification is a plus (CISSP)
- Language spoken at the site is a must, English at minimum B2 (CEFR scale)
- Experience working in an international environment is a plus
This position may require occasional travels in ST worldwide
The Employment search is addressed to candidates of both genders, under Law 10.04.1991 n. 125, as amended by Legislative Decree n. 198/2006 which guarantees gender equality at work
Position localisation
Job location
Europe, Italy, Catania
Candidate criteria
Education level required
5 - Master degree
Experience level required
6-10 years
Languages
· Italian (4- Mother tongue)
· English (3- Advanced)
Requester
Desired start date
01/09/2020