Job Details

Company: Sber is looking for a Head of Cybersecurity in Moscow. Responsibilities include operational management of an expert team, interaction with IT support, business analysts, developers, and product owners, providing cybersecurity consultations, and preparing cybersecurity requirements.

You will be responsible for: - Operational management of an expert team - Interaction with IT support teams, business analysts, developers, and product owners, representatives of regulators, providing consultations on cybersecurity issues - Preparation of cybersecurity requirements (both conceptual and detailed) for new automated systems, technologies, processes, products - Analysis of conceptual architectures of projects for the development and modification of automated systems - Expertise in changes implemented in business processes, products, services of the bank for cybersecurity threats, selection of adequate and optimal protection measures - Participation in acceptance testing of banking systems and products, planning and organizing audits - Preparation of recommendations and proposals for changes to the bank's processes and regulatory documents - Participation in goal setting, ensuring the achievement of target results.

For effective performance, you need to: - Formulate a firm position on cybersecurity issues regarding identified threats - Assess the risks of changes implemented in business processes, products, and services of the bank - Model cybersecurity threats - Write informational reports on identified software vulnerabilities and business process deficiencies - Possess project and operational management skills. What is important to us: - Higher technical education in information security or information technology - Deep knowledge of security standards and legislation: STO BR IBBS, PCI DSS, 395-FZ, 63-FZ, 152-FZ, 259-FZ, etc. - Understanding of Agile principles, software lifecycle specifics, DevOps/DevSecOps practices, production process tools - Understanding of network architecture, automated system architecture design patterns, specifics of LLM operation and AI agent development - Confident command of secure application design practices and principles (security by design, least privilege, zero trust, etc.) - Knowledge and deep understanding of applied protocols and integration mechanisms, specifics of Docker and Kubernetes virtualization and orchestration - Understanding of web application and AI agent vulnerabilities, knowledge of their mitigation mechanisms - Deep understanding of PKI concepts and architectures, specifics of different types of electronic signatures, nuances of using information security tools and cryptographic information security tools for protecting personal data, payment card data, and payment application data - Knowledge of authentication, authorization protocols, message validation principles, and request sanitization - Understanding of blockchain network functioning mechanisms.