Aegon Emeklilik ve Hayat - Information Security Specialist
The Information Security Specialist is responsible for all aspects of the organization’s information security. This includes ensuring compliance with, and the implementation and development of, information security policies; performing risk analyses and assessments; and planning, coordinating, implementing and maintaining the organization’s information security for business assurance and quality.
The role supports business continuity planning and contingency drills. The specialist is knowledgeable about business security practices and procedures; current security best practices and procedures; industry-standard communication protocols; and encryption techniques/tools, and is familiar with commercial products and current Internet/electronic communications technology.
- Implement and maintain the Aegon IT Control Framework
- Support the implementation and maintenance of compliance with the PCI DSS standard
- Proactively identify and mitigate Information Security and Data Protection risks; evaluate Information Security risks on a daily basis
- Review technical solution designs for compliance with the Aegon Information Security policies
- Follow-up and resolve open issues identified through internal and external Information Security audits
- Periodically measure and improve the effectiveness of information security controls, reporting to stakeholders and upper management
- Coordinate and conduct information security due diligence of suppliers
- Manage and provide effective leadership in day-to-day security operations on key Information Security areas: Web/Mobile and Cloud penetration testing, threat intelligence, secure coding, and Secure SDLC
- Ensure the designs and solutions comply with the Aegon Global Standards and Blueprints.
- Minimum 3 years professional experience in Information Security / Data Protection in a complex IT and Network environment
- Strong knowledge of Information Security technologies such as IDPS, WAF, Firewalls, DDoS, UAC, DAM, Anti-spam, Anti-Malware, SIEM
- Strong awareness of standards and certificates such as: CISSP, ISO27001, CCNA Security, Risk Management, knowledge of COBIT, ISMS and IT Service Management processes (e.g. ITIL)
- Knowledge of various application architectures, Windows/Linux based operating systems, infrastructure
- Core experience and profound knowledge in application and infrastructure security testing
- Strong understanding of OWASP Top 10
- Experience with performing code review, wireless and firewall assessments.
- Network Security – Firewalls / NAT / IPSEC / Access Lists / Proxy / IPS / IDS / URL filtering
- Ability to work under broad direction with minimum supervision.