On behalf of our client, an international financial service provider located in Prague, we are looking for an external resource with skills and abilities as stated below:

IT Security Specialist - Compliance Management - Rapid7 Nexpose (f/m/x) financial area Prague

Our client is looking for an external Information Security Specialist to support them in implementing new security requirements (eg DORA) in their globally leading trading systems for energy and commodities markets.

The tradable instruments cover a wide variety such as Power Spot instruments, commodity futures and OTC cleared derivatives most of which are tradable 24/7, 365 days a year.

Being IS Specialist, you will be joining to a cross-location team that is responsible for 24/7 mission critical infrastructure and platform delivery of Commodities IT area. With the responsibility of implementing DORA requirements, enhancing IT security across our product-based organization, you will be contributing to the design and supporting the implementation our security backbone.

This position requires strong security background on regulated environments. You will be expected to identify security gaps proactively, determine the potential risk of those, drive for the right mitigation solution across multiple teams to make our infrastructure and applications compliant with the new security requirements and educate other members of the technical teams.

Tasks and responsibilities:

• Contribute designing security strategies and corresponding controls
• Provide subject matter expertise for compliance requirements based on corresponding information security standards.
• Implement necessary security controls and standards.
• Enhance the quality in secure infrastructure and remove toil work through everything as code approach.
• Support the Risk Management and Vulnerability Management processes.
• Collaborate with internal Dev and Ops units to establish IT security best practices.
• Create technical and procedural documentation to be shared with necessary stakeholders.
• Foster knowledge sharing and skill transfer.

Mandatory skills and experiences:

5+ years of proven professional experience for IT Security and Compliance Management using Rapid 7 Nexpose
Very good understanding of Infrastructure, Platform and Application security concepts & threats (Network Infrastructure, Operating Systems, Database, Middleware and Web applications hardening measures).
Good knowledge of Network Infrastructure, Operating Systems, Database Middleware and Web applications
Ability to quickly understand new threats and technical concepts.
Recommend appropriate controls to maintain confidentiality, integrity and availability of systems/services and to fulfil the requirements of regulators
Very good communication skills in in written and spoken English
Sense for detail and for picking the right solution while

Optional skills:

• Bachelor's degree or equivalent in Computer Science, Information Systems Management, Information Technology, or other related discipline
• 5+ years' professional experience in Information Security field
• Strong knowledge of security protocols and standards
• Knowledge of PAM and IAM work frames
• Strong knowledge of Segregation of Duty and Internal Control Systems
• Familiar with the security hardening of DevSecOps processes
• Familiar with Risk Management and Vulnerability Management
• Strong documentation skills
• Ability to bridge between IT and Corporate staff such as Legal, Compliance and Audit sections
• Hands-on experience in designing and implementing automated security testing
• Strong written and oral communication and analytical problem-solving skills
• Good understanding of regulatory conditions and requirements in the finance IT (BaIT, KRITIS, DORA etc.)
• CISSP certification is a plus. (eg ISO 2700x, German BSI IT Grundschutz, COBIT, MaRisk)

Additional information:

• Start date of assignment: 13.01.2025
• Initial contract duration: 31.12.2025
• Degree of employment: Full-time
• Location: Prague
• Remote: 50%

Please let us know if this project is of interest to you and when you could be available.

We are looking forward to your reply.

Best regards,

Andy

GDPR:

You are interested in this project and would like to send us your CV?

Due to the General Data Protection Regulation (GDPR), we would like to ask you to give us your written consent to the permanent storage of your data in your email. We use your data exclusively for the purpose of our staffing activities.

Of course, you have the right to information, correction, blocking or deletion of your data at any time.

Template: I agree to the permanent storage of my data. I know that I have the right to information, correction, blocking or deletion and can revoke this consent at any time".