IT Security Expert (CIS Compliance)

  • Location:

    Prague/Remote with occasional visit to the office

  • Sector:

    Digital & Technology, Finance & Banking

  • Job type:

    Contract

  • Salary/Rate:

    350 upwards (Negotiable)

  • Contact:

    Paul Smith

  • Contact email:

    psmith@skillfindergroup.com

  • Job ref:

    18628USER_38

  • Consultant:

    Paul Smith

IT Security Expert - (CIS Compliance) - Prague/Remote with occasional visit to the office

Role Overview

We are looking for at least one more person with hands-on experience creating security baselines based on the CIS Benchmarks, who is self-driven to identify issues in the current process and lead the work to fix them.

The Group Security department is integral to implementing the organization's information security strategy. As a central service provider for various entities within the group, Group Security is tasked with protecting information assets, including those of suppliers. This protection focuses on safety, integrity, confidentiality, authenticity, and availability, achieved through the enforcement of information security controls based on relevant regulatory requirements and adherence to the international ISO/IEC 27000-series standards for Information Security Management Systems.

Responsibilities:

• Lead system security initiatives, including vulnerability and compliance checks for system hardening, vulnerability notifications, source code scanning, quality checks of reported results, tracking, and monitoring the remediation of open findings in IT, and regular reporting.
• Provide leadership, advice, and support to IT support groups to understand vulnerabilities, acting as an expert/specialist.
• Guide IT in re-engineering processes and procedures necessary for remediation, recommend actions, and track these actions. Collaborate on the resolution of critical audit findings.
• Ensure daily operational duties related to security management are performed in compliance with relevant policies and industry best practices.
• Develop information security guidelines, processes, procedures, and baselines in line with organizational policies and standards, as well as international quality management standards.
• Maintain expertise in cloud principles and the risks associated with public and hybrid clouds.
• Perform risk assessments of security architecture and propose solutions for mitigating identified risks.
• Develop expertise in cloud through CNAPP solutions.
• Conduct training sessions for legal entities on new and emerging technology changes.

Skills/Experience:

• 10+ years of proven professional experience in IT security, IT risk, and compliance management, with at least 2 years of experience in a multi-cloud environment.
• Strong understanding of infrastructure, platform, and application security concepts and threats, including network infrastructure, operating systems, databases, middleware, and web application hardening measures.
• Ability to create custom checks (e.g., in JSON) for tools such as Rapid7, Symantec CCS, and Prisma Cloud.
• Experience with CNAPP capabilities (CIEM, code security, workload protection) and their integration with the enterprise landscape (asset inventory, ticketing tools, DevSecOps).
• Fundamental knowledge of cloud platforms such as GCP, Azure, or AWS, including VM and container technologies like GKE and AKS.
• Ability to recommend appropriate controls to maintain the confidentiality, integrity, and availability of systems/services, and to meet regulatory requirements.
• Excellent communication skills in written and spoken English (knowledge of German or Czech is a plus).

Highly desirable:

• Security-related certification (e.g., CCSP, CISSP, CISM), or a willingness to acquire a major certification within one or two years.
• Good knowledge of ITIL (ITIL certification).
• Experience with system security tools/solutions (e.g., CNAPP, AquaSec, Rapid7).
• Effective organizational skills to maintain a consistently high standard of operations in a business-critical financial environment.