Head of Information Security for Ciklum

Kyiv, Amosova, Ukraine

Ciklum is a Software Engineering and Solutions Company. Our 3,000+ IT professionals are located in the offices and delivery centres in Ukraine, Belarus, Poland and Spain.

As a Ciklum employee, you'll have the unique opportunity to communicate directly with the client when working in Extended Teams. Ciklum is also the place to make your tech ideas tangible. The Vital Signs Monitor for the Children’s Cardiac Center and the Smart Defibrillator, the winner of the US IoT World Hackathon, are among the cool things Ciklumers have developed.

Ciklum is a technology partner for Google, Intel, Micron, and hundreds of world-known companies. We are looking forward to seeing you as a part of our team!

Description

Ciklum is looking for a Head of Information Security to join the Kyiv team on a full-time basis.

Role Purpose:

Reporting to the Information Technology Director, the Head of Information Security is responsible for defining Ciklum’s corporate Information Security strategy and management system, leading the delivery of its Information Security programme and managing the operation of its Information Security function.

Responsibilities

The Head of Information Security will lead, develop and mature the Information Security function and its strategies, management system and personnel in a strategic, pragmatic and commercially minded fashion, ultimately to ensure Ciklum’s information is secure and available for business operations globally. In addition, the Head of Information Security will operate as a security subject matter expert and thought leader, both within Ciklum (corporate) as well as providing guidance and consultation to Ciklum’s digital businesses and clients from time to time.

Key Responsibilities include:

  • Ownership of the Ciklum information security strategy, management system and programme
  • Working at board, executive and senior management level across Ciklum to understand business strategy and ensure a fit for purpose information security strategy and system is established and maintained
  • Lead (and personally contribute to) the analysis of the current business and IT environment to detect critical security deficiencies, articulate these in business terms and recommend remediations, mitigations or improvements
  • Operate effective information security governance and risk assessment as part of wider IT Governance and corporate governance
  • Lead the formulation of the information security strategy and the necessary programme of work to deliver it
  • Lead the delivery of the information security programme of work
  • Lead the creation, maintenance and management of the information security management system
  • Manage information security operations daily (via your team and the wider organisation), ensuring that daily proactive activities are undertaken and that incidents are managed appropriately
  • Work closely with colleagues within the IT department, facilities management, compliance, HR and other corporate functions to ensure that existing processes and data, and changes to these, are compliant with the information security strategy, framework and management system
  • Ensure that IT solutions and technologies, when selected, developed or changed, are compliant with the information security strategy, framework and management system
  • Vendor management with regard to key information security services and technologies (e.g. annual audit, pen testing, SOC)
  • Evangelise the importance, value and results of good information security practices and the information security programme to senior management and the executive team

 

Ambassador / Leader

The Head of Information Security will lead and manage a team of information security professionals, including motivation, development and performance management.

Responsibilities include:

  • Setting and maintaining the highest professional standards for themselves and team members to assist the IT Director in embedding the Ciklum values in the behaviour of the department and wider organisation
  • Proactive participation in the IT leadership team, working with IT leadership colleagues together with the IT Director to improve overall IT capability, demonstrating and encouraging commitment to team objectives
  • Motivating team members and leading by example to engage in high standards of quality
  • Resolving escalated technical and staffing issues, using influence, negotiation, and a deep understanding of the technology and people involved
  • Proactively supporting team training initiatives, making recommendations and providing coaching and / or support to less experienced team members
  • Dealing with and resolving problems using a high degree of independent judgement

Stakeholder Management

The Head of Information Security should effectively manage relationships with senior business executives, stakeholders, IT colleagues and suppliers.

Responsibilities include:

  • Maintaining regular stakeholder contact through face-to-face and written communication
  • Dealing with stakeholder queries professionally and expeditiously, creating an environment where peers recognise positive service and respect for business stakeholders
  • Recognising opportunities for improvement, championing change management initiatives and motivating team members to embrace change
  • Communicating complex concepts and issues clearly and succinctly to stakeholders at all levels of the organisation, from junior staff to senior management

Requirements

  • At least 10 years' experience in a professional Information Security, IT or equivalent role
  • At least 5 years' experience in an Information Security role (focused)
  • At least 2 years' experience in an Information Security leadership role or equivalent role defining, designing, planning, leading and governing a significant information security agenda
  • In-depth knowledge and practical experience of:
    • Formulating information security strategy
    • Creating, maintaining and managing an information security management system
    • Defining, establishing and managing an information security programme
    • Managing information security operations
    • Contributing to corporate risk management
    • Contributing to corporate business continuity planning
    • Procuring, mobilising and managing audit initiatives (ISO 27001, pen testing, etc)
    • Securing modern business operations and IT solution architectures, technologies, development practices and ways of working, including: Cloud services, integration and technology; Microservices; DevOps; Agile
  • Ability to review, assess and contribute to the definition, design, planning and delivery of IT solutions comprised of globally distributed cloud services (SaaS et al), application packages and bespoke solutions
  • Ability to analyse complex situations, environments or systems and form an informed, evidence-based assessment and recommendation
  • Knowledge of key professional services and consulting concepts as well as the organizational, business and technical challenges that they face
  • Ability to communicate complex concepts and issues clearly and succinctly to stakeholders at all levels of the organization
  • Ability to negotiate with stakeholders, resolve disagreements and issues, and positively influence outcomes
  • Ability to work effectively with internal and external stakeholders
  • Fluent spoken English and Ukrainian or Russian
  • Excellent written English
  • Ability to efficiently create clear, concise written documents, presentations, diagrams, architectural artifacts and deliverables in English

Desirable

  • Relevant degree-level education (BSc); postgraduate qualification desirable (MSc)
  • Formal information security qualification mandatory, e.g. Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP)
  • ISO 27001 Lead Auditor or equivalent desirable
  • ISO 9001 Lead Auditor or equivalent desirable
  • ISO 22301 Lead Auditor or equivalent desirable
  • Data privacy qualification(s) desirable, e.g. C-DPO
  • Architecture qualification desirable, e.g. TOGAF, SABSA, BCS
  • ITIL or related professional IT service management qualification desirable

Personal skills

  • Effective and comfortable in fluid situations and able to deal with ambiguity
  • Positive attitude, can-do mindset, high energy and a self-starter
  • A sense of urgency and the ability to work calmly in a fast-paced, multi-tasking manner
  • Ability to work in an unstructured and high-pressure environment, bringing structure to these
  • Understands and balances long-term (“big picture”) and short-term perspectives
  • Credible at board, executive and senior management level
  • Excellent influencing, communication and presentation skills
  • A high degree of accountability and a track record of delivering on commitments

What's in it for you

  • Being a part of a growing business in the software engineering industry
  • Working in a creative and dynamic team environment
  • Opportunity to work with the latest technologies on the market
  • Long-term employment with 20 working days paid vacation and other social benefits