Head of Information Security Compliance and Provisioning Unit Telecom
012 -5961868

Job Description

Responsibilities :

Oversees and ensures that the appropriate operational security posture is implemented and maintained for an information system or program;
Develop and Implement information security audit processes for application software/networks/systems and oversee ongoing audits to ensure that operational processes and procedures are in compliance with organizational and mandatory secuirty requirements and accurately followed by Systems Administrators and other cybersecurity staff when performing their day-to-day activities;
Develop methods to monitor and measure risk, compliance, and assurance efforts;
Develop and document supply chain risks for critical system elements, as appropriate;
Ensure all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organization goals;
Collaborate with stakeholders to establish the enterprise continuity of operations program, strategy, and mission assurance;
Continuously validate the organization against policies/guidelines/procedures/regulations/laws to ensure compliance;
Oversee the information security training and awareness program;
Develop policy, programs, and guidelines for implementation;
Oversee development and implementation of high-level control architectures;
Support the management in the formulation of information security related policies;
Provide input to the Risk Management Framework (RMF) process activities and related documentation (e.g., system lifecycle support plans, concept of operations, operational procedures, and maintenance training materials).

Requirements :

Knowledge of information security principles and organizational requirements to protect confidentiality, integrity, availability, authenticity, and non-repudiation of information and data;
Knowledge of Risk Management Framework (RMF) requirements;
Knowledge of current industry methods for evaluating, implementing, and disseminating information security assessment, monitoring, detection, and remediation tools and procedures, utilizing standards-based concepts, and capabilities;
Knowledge of the organization’s enterprise information security goals and objectives;
Knowledge of Personally Identifiable Information (PII) data security standards;
Knowledge of applicable laws (e.g., Electronic Communications Privacy Act, Foreign Intelligence Surveillance Act, Protect America Act, GDPR), Azerbaijan Law of Privacy, Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures relevant to work performed;
Knowledge of information technology supply chain security and risk management policies, requirements, and procedures;
Knowledge of network security architecture concepts, including topology, protocols, components, and principles (e.g., application of defense-in-depth);
Knowledge of security architecture concepts and enterprise architecture reference models (e.g., Zackman);
Knowledge of an organization's information classification program and procedures for level information loss;
International certifications in Information Security such as CISSP, CEH, CISA, CISM, CCNP Security are desirable;
Fluent Azeri and English language skills.