Information Security Risk Manager
4finance Group is one of Europe’s largest digital consumer lenders.
For more than 10 years we have been providing fast and convenient financial solutions in a digital world.
Leveraging automation and data-driven insights, 4finance provides convenient products in a responsible way. We offer various types of loans, designed to meet our customers’ needs.
At 4finance, we have an entrepreneurial mindset, strive for excellence, yet keep things simple. Our business is driven by leading edge technology and our talented people - the most important ingredient of our success. 4finance has created a supportive, rewarding and empowering environment, where employees can grow their talent. We are proud to have a global network of leading experts, who are driven by passion to deliver.
We love what we do!
Join our team! We are looking for an Information Security Risk Manager in our Vilnius office
The main components of the Information Security Risk Manager role will be strengthening, improving, and maintaining the security testing program together with external testing vendors, and supporting the overall Information Security risk management and governance processes of 4finance Group. The Information Security Risk Manager will report to the Chief Information Security Officer.
- Support necessary processes to ensure continuous risk identification, risk assessments, and risk mitigations for the Information Security area
- Participate in project management activities related to mitigation of identified risks, provide general and technical guidance for implementation of risk mitigating controls
- Provide guidance to other teams in implementing corporate Information Security standards
- Plan and organize various security tests with the help of external partners. Improve the existing penetration-testing program and follow up regularly on open risk items
- Feed results from penetration testing program into overall risk management processes
- Communicate and explain risks and vulnerabilities to various stakeholders in other areas of the organization (e.g., IT management, business subsidiary management etc.)
- Support Internal Audit regarding Information Security issues by maintaining control over open risk items and following up on mitigation activities
- Contribute to planning and execution of Information Security awareness activities
- Contribute to performing security risk and architecture assessments of newly introduced solutions and launched projects
- Perform other related Information Security tasks as assigned
Expectations from candidates
- 5 years of experience in Information Security management, security testing, or security audit
- Good understanding of the Information Security governance practices in large organizations
- Good knowledge of Information Security and information systems governance frameworks and standards (such as ISO/IEC 27001, ISO/IEC 27005, COBIT5/COBIT2019, ITIL etc.)
- Good understanding of IT systems architecture and related security implications
- Security certifications such as CISA, CISM, CRISC, CISSP are preferable, but not mandatory
- Practical experience in web-application security testing and web-application vulnerability mitigations can be considered an advantage
- Excellent people networking skills, capable of identifying and establishing successful relationships with key stakeholders and decision-makers
- Good presentation skills, proven ability to present complex information in an easily understandable way
- Ability to work effectively in a multicultural environment
- Fully comfortable working in English, both written and spoken
We are offering
- Challenging projects on which you will have a real impact
- Employee development program to support you in your professional development
- Comfortable centrally-located office and modern development equipment
- Health insurance
- The best team and great colleagues