Information Security Specialist - București, România - K2 ALPHA S.R.L.

Descriere

Information Security Specialist

Summary

Information Security and Cyber Security specialist in a new team at an established international company of more than 20 years that is now in scaleup mode

Responsible for all aspects of Information Security, including designing, implementing and monitoring in an agile environment, with additional opportunities to develop skillset

Lead awareness and training in the company to create a strong Information Security culture across all business as well as technical teams

A successful candidate will be an early starter in a newly established team that will grow and offer long term career growth opportunities in line with an international company growing fast and leveraging technology to manage this business growth

Company Overview
K2 Corporate Mobility is an independent global mobility expert, providing comprehensive services to corporate clients relocating their employees.

We manage and deliver services through our global partner network and strive to be a true business partner – an extension of our clients' HR/Mobility function.

We provide one accountable point of contact for HR teams and assignees throughout international relocations.

Headquartered in UK, K2 serves every location worldwide via our regional hubs located in the USA, Brazil, France, Sweden, South Africa, UAE, Singapore, Australia and our most recent office Bucharest, Romania which will start as our Technology hub.

The Bucharest team will be our core Technology team supporting the global K2 business.

We are building this team from scratch as K2 looks to insource our systems Intellectual Property and rely less on external consultants for our systems development.

We are therefore looking for a team that will want to be part of something very new at K2 and help us build a technology department that works closely and in partnership with the rest of the firm.

Technology is at the core of our K2 service offerings and in order to scale up the business K2 is now making a significant and continued investment in building out our current system architecture as well as building new systems in order to integrate more seamlessly with our customers, their assignees, and just as importantly our partners.

What sets us apart is our people. We employ the best and allow them to be the best they can be.
More information can be found on our website.

Reporting to the Senior Technology Lead/Head of Bucharest Office.

The role

The Information Security Specialist is responsible for safeguarding the organization's information systems and data from unauthorized access, disruption or misuse.

This role involves implementing and maintaining security measures, monitoring for potential security breaches, and responding to security incidents as needed.

The Information Security Specialist works closely with cross-functional teams to develop, enforce, and enhance information security policies and procedures across K2 as well as our Partner network.

Additionally, the Information Security Specialist plays a pivotal role in the Infrastructure architecture and software development life cycle by integrating security components and practices into every stage of the process.

This in turn requires close partnership between the business and technology teams as we shape the future processes for the firm.

As well as excellent InfoSec technical skills this role needs strong analytical skills and a team player to help deliver on policies and programs.

This role is immediately important to K2 achieving its next chapter of growth with technology at the heart of this critical part of the business strategy, and as a result offers career growth with more technical strategy ownership as knowledge of the systems, infrastructure and technology offering increases.

Main duties and responsibilities

Vulnerability Management:
Conduct regular vulnerability assessments and penetration testing to identify potential weaknesses and security vulnerabilities in systems and applications. Coordinate remediation efforts with relevant teams.

Secure Development Lifecycle:

Collaborate with development teams to embed security best practices into all phases of the software development lifecycle, including design, coding, testing, and deployment.

Risk Assessment:

Conduct risk assessments and security reviews of systems, processes, and projects to identify potential security gaps and recommend mitigation strategies.

Security Infrastructure:

Implement, configure, and manage security tools and technologies, including firewalls, intrusion detection/prevention systems (IDS/IPS), antivirus software, encryption solutions, and other security-related software andhardware.

Growth Opportunities

Incident Response:

Lead and participate in the response to security incidents, including investigating, documenting, and resolving security breaches, malware infections, and unauthorized access attempts.

Network Security:
Monitor network traffic for suspicious activities and potential threats. Implement and maintain network security measures to protect against unauthorized access.

Data Protection:
Ensure the confidentiality, integrity, and availability of sensitive data through encryption, access controls, and data loss prevention measures.

Security Incident Reporting:
Prepare and present security-related reports to management and relevant stakeholders on a regular basis.

Security Awareness:
Stay up-to-date with the latest information security trends, threats, and vulnerabilities. Continuously improve knowledge and skills through professional development and certifications.

Security Architecture:

Assist in designing and implementing security architectures for systems, networks, and applications, ensuring the integration of security controls and best practices from the outset.

Cross-Functional Collaboration:
Work closely with development, operations, and security teams to foster a collaborative and transparent approach to security practices.
Opportunities for technical certifications
Opportunities for relevant conference attendance

Experience:
Skills / Abilities & Knowledge

Bachelor's degree in Computer Science, Information Technology, or a related field
Professional certifications such as CISSP, CISM, CompTIA Security+, or similar are preferred.

Professional certifications such as CompTIA Security+, Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or similar are advantageous.

Proven experience working in information security or related field (., network administration, system administration) with a focus on security.
Prior experience in a cybersecurity-related role, including incident response, vulnerability management, or security analysis.
Strong knowledge of information security and cybersecurity principles, practices, and technologies.
Familiarity with relevant industry standards and frameworks (., NIST Cybersecurity Framework, CIS Controls).
Experience with security tools and technologies, including SIEM, IDS/IPS, firewalls, and antivirus solutions.
Familiarity with AWS cloud and security best practices for cloud deployments.
Expertise in security scanning tools for code, containers, and infrastructure.

Excellent problem-solving and analytical skills with the ability to analyze security incidents and vulnerabilities, diagnose and respond to security incidents effectively.

Strong communication and interpersonal skills to collaborate with various stakeholders effectively,
Ability to work independently and as part of a team in a fast-paced environment.
Knowledge of scripting languages (., Python, PowerShell) for automating security tasks is a plus.
Continuous learning orientation to keep up with evolving cyber threats and technologies.