Information Security Officer
- The ISO reports directly to the management. He is accountable to the management for the measures he initiates. He has the right to present to the management directly.
- In security-relevant matters, the ISO acts as authorizing officer towards IT staff, system administrators and user support staff, as well as users.
- The ISO is authorized to shut down IT applications, either temporarily or entirely, if IT security (availability, confidentiality, integrity) is endangered or an immediate risk exists (disclosure of customer information). He informs the Management and MSITS Cyber Security of this immediately.
- Where an IT Security Coordinating Committee is set up by MSH, the ISO is part of the MSH ISO Organization.
- On demand, the ISO can conduct assessments that provide insight into the maturity level of IT security. Severe security issues are reported immediately to MSITS Cyber Security.
- The ISO can access all IT-relevant operational areas on demand, as needed to prevent and investigate damage to the company.
- The ISO can access IT systems if he has a legitimate reason, once data privacy approval has been obtained and the four-eyes principle is assured. Existing emergency procedures should be used where available. Incidents have to be documented.
- The ISO updates and further develops the subsidiary's IT Security Management System (ISMS) in coordination with MSITS Cyber Security and MSH Corporate Security.
- The ISO coordinates measures and plans that have group-wide impact with MSITS Cyber Security.
- The ISO periodically informs MSITS Cyber Security and MSH Corporate Security about the status of relevant measures, possible exceptions to security guidelines, and security incidents. Related information security risks are handled in line with the MSITS Cyber Security information risk management processes.
- In the field of IT security, he informs IT management and IT users about the regulations in force, current developments and changes.
- Decisions the ISO takes as emergency measures during emergency response are communicated immediately to MSITS Cyber Security, IT management and, if applicable, other responsible departments.
Tasks of the Management
- Appointment of the responsible manager for IT Security.
- Full support of the IT Security Officers by the management of the subsidiary.
- Implementing the IT Security Strategy from MSITS Cyber Security, as derived from the business strategy and the IT strategy of MSH.
- The management is responsible for staff and budget, so that contracts can be fulfilled.
- The management provides education and training measures.
- Establishment of necessary interfaces within the MSH.
- Preventing conflicts of interest and complying with the separation of functions through appropriate classification and establishment of the section and escalation structure.
- Establishment of an IT Security Organization within the subsidiary with official section structures for the ISO of the MSITS.
- Minimum of 3 years' experience in IT security
- Existing security certification (CISSP, CISM, CISA, etc.) or comparable, or the ability to achieve a certification within 6 months
- Knowledge of ISO 27001/2 would be appreciated
- Bachelor's degree or similar education
- Good knowledge of operating systems, networks and databases
- Very good communication and persuasion skills
- Dynamic working environment
- Possibility to influence business decisions, flat organizational structure
- Work-life balance
- Small and committed team
- IT Operation, Telecommunication
- IT Security
- Full time
- 3-5 years professional experience
Required language level:
- English - intermediate / communication
Budapest, 1138 Váci út 140.
How to apply/ contact information:
If you are interested, please send your application, including your possible entry date and salary expectation.