Security Architecture Assurance Analyst
Security Architecture Assurance Analyst
Location – Cracow
Why this job is for you:
The mission of the Information & Technology (I&T) Digital Security organization is to deliver efficient, effective and secure services that have scalability and flexibility to support the demands of our business. Supporting Head of Information Security Architecture and Assurance you will focus on assessing, reviewing and enhancing security controls across the organization’s IT and OT environments.
In this position you will provide assurance and guidance that the security features, practices, procedures, and architectures of an information system accurately mediate risks and enforce security policies, standards, and industry good practice.
You will:
- Interpret information assurance and security policies and apply these to manage risks
- Provide advice and guidance to ensure adoption of and adherence to information assurance architectures, strategies, policies, standards and guidelines
- Plan, organize and conduct information assurance and accreditation of complex domains areas, cross-functional areas, and across the supply chain
- Validate that all operating systems, networks, software, and hardware are protected and compliant with organization’s policies
- Identify security risks and produce effective reports to articulate and report those risks along with proposed remediations in appropriate risk forums
- Engage with information security operations to maintain acceptable levels of control and risk throughout the business
- Contribute to the development and implementation of robust set of policies, standards and guidelines
- Maintain relevant documentation related to information security
- Support monitoring of the external environment and assessment of emerging technologies
- Identify risks and vulnerabilities, assess their impact and probability, develop mitigation strategies and reports to the business
- Involve specialists and domain experts as necessary
- Plan, organize and conduct assessment activity and determinate whether appropriate quality control has been applied
- Conduct formal assessments or reviews for given domain areas, suppliers, or parts of the supply chain. Collate, collect and examine records, analyses the evidence and drafts all or part of formal compliance reports
- Determine the risks associated with findings and non-compliance and propose corrective actions
You have:
- 3+ years in cybersecurity, security architecture or security assurance within a complex enterprise environment
- Self-starter with excellent people and inter-personal skills and ability to translate technical information into business-relevant information, and develop and maintain close working relationships, present the need for security to all personnel from senior leaders to specialist roles in a manner that encourages positive engagement and demonstrates the benefits of security in improving performance and profitability
- Good experience performing security assessments for internal as well as external systems and processes is essential
- Demonstrable knowledge and experience of key threat vectors, cyber threat mitigation, information security and risk management principles, third party assurance and project management
- Ability to develop security standards and guidelines based on best practices, regulatory requirements, and industry standards
- Effective time management skills and ability to juggle several tasks and conflicting priorities
- Knowledge and experience working with information security standards and frameworks such as ISF SOGP, Cyber Essentials, ISO, NIST, etc.
- Bachelor’s degree in Computer Science, Information Technology, Computer Engineering or related field would be an advantage
- Professional certifications: CISSP, CISM, CISA or other relevant information security credentials would be an advantage
- Fluency in English is a must
The information necessary in the recruitment process is: name, surname, contact details, education, previous employment record and qualifications.
Any supplementary information you provide is processed on the basis of your consent.
For the purpose of application to the position specified in the job posting we ask you to place the following statement in your application:
“I, hereby, consent to the processing of my personal data contained in the application for the job by International Paper Polska Sp. z o.o for the purpose and to the extent necessary in the recruitment process.”
If you want to take part not only in the recruitment process for the job position you applied for but in future recruitment processes as well, we ask you to place the following statement in your application:
„I, hereby, consent to the processing of my personal data contained in the application for the job by International Paper Polska Sp. z o.o for the purpose and to the extent necessary in the current recruitment process and in the future recruitment processes as well.”
To see Privacy Notice click here: Privacy notice
Krakow, MAL, PL, 31-503