Information Security Lead

Data Science UA is a service company with strong data science and AI expertise. Our journey began in 2016 with the organization of the first Data Science UA conference, setting the foundation for our growth. Over the past 8 years, we have diligently fostered the largest Data Science Community in Eastern Europe, boasting a network of over 30,000 AI top engineers.

About the client:
Our client is a product IT company developing a leading ride-hailing service. Every day, the client’s powerful team pumps out one of the largest infrastructures in the market of Ukraine and beyond, ensuring the interaction of drivers and riders.

The company creates a high-load product, behind which are hidden ambitious technological challenges, continuous innovation and non-obvious moves. The company’s work framework is to test new hypotheses, push their ideas and use the latest technology stack.

About the role:
We are looking for an Information Security Lead who will join the team.

Requirements:
– At least 5 years of experience in information security.
– Experience in building and implementing information security.
– Experience in managing information security teams of 5 or more people.
– Experience in working with cross-functional teams.
– Experience in conducting ISO 27001, ISO 22301 security audits.
– Experience in managing security incidents: analyzing, identifying causes, developing recommendations and implementing changes to minimize risks.
– Understanding of the main information security standards: ISO 27001/22301, NIST Cybersecurity Framework, OWASP Top 10.
– Knowledge of the basics of product security and secure development (AWS, Secure SDLC).
– Knowledge of modern cybersecurity technologies.

Nice to have:
– Legal and regulatory knowledge: understanding local and international data regulatory requirements (GDPR, CCPA, etc.).

Challenges for six months:
– Independently audit existing ISMS/BCMS and propose improvements.
– Prepare for and successfully pass an ISO 27001/22301 surveillance audit.
– Carry out a penetration test.
– Update the training program and content and questionnaires (on information security and business continuity) for company personnel.
– Create a matrix of access to information types and accelerate the automation of Access Management processes.

Responsibilities:
– Planning, motivation, organization and control of Information Security work.
– Full cycle of work with risks (identification, analysis, control of information security and business continuity risks for the company).
– Interaction and establishment of processes with all other departments to ensure data protection.
– Inventory of company information resources.
– Processing of security incidents and implementation of solutions to prevent a repeat incident.
– Training users in the basics of information security, monitoring awareness of company rules.
– Documentation of information security and business continuity management processes.

The client offers:
– Regular performance & salary review.
– Internal trainings, workshops, hackathons, knowledge sharing.
– Corporate training, library, and subscriptions to information resources.
– Attending webinars, and lectures with the participation of company speakers.
– Personal/team budget for training.
– English lessons.
– 20 days off for personal needs and 10 days off due to illness (with retention of remuneration).
– Day off on your birthday as a gift to the company and for blood donation.
– Healthcare.

About