IT Risk Consultant

Company Description

Since 1998, Lostar is the leading Information Security firm, with more than 1000 projects.

Its main services are; Information Security Checkups such as Internet-Intranet Penetration Tests, Gap Analysis of world wide best practices like COBIT, ISO 27001, ISO 22301 and ISO 20000, related consultancy and data protection projects and also Employee Security Awareness Methodology trainings.

Lostar consultants, who are well trained and experienced, create the optimal-cost solutions for their customers with paying attention to technical and commercial needs.

Roots in Turkey, Lostar has 3 offices in 3 different cities such as Istanbul, London and Sakarya.

We work with the best to create the best service and value for our clients.

For latest news and updates please follow us on:

• Linkedin: Lostar
• Instagram: LostarInfoSec
• Twitter (TR): Lostar
• Twitter (EN): Lostar_EN
• YouTube: LostarTV
• Facebook: Lostar
• Facebook (Jobs): LostarKariyer

and visit our web sites:

• English: https://lostar.com
• Turkish: https://lostar.com.tr

Job Description

·       Providing expert guidance to IT and Information Security colleagues on the identification, analysis, evaluation and treatment of information security risks.

·       Drive and support information risk reduction activities via engagement with key stakeholders and insights from internal and external cyber intelligence sources.

·       Drive and support the adoption of a leading Information Security Risk Management framework in PMI and contribute to the continuous improvement of the risk management practice.

·       Support reviews of systems and services for compliance with Company requirements in the areas of information security and information management.

·       Presenting clearly and adapting to different audiences (technical and business), synthesize feed­back from the field in a way that makes sense to senior leaders. Being able to drive data driven discussions.

·       Advisory over activities to be done throughout the project and during systems development and implementation for good information protection and audit preparedness of the implemented solution.

·       Coordinate Company practices for management of electronic and hard copy records 

·       Conducting information security risk management trainings and awareness campaigns.

·       Partnering with other Information Security teams to continuously improve the overall information security risk exposure and achieve higher levels of information security maturity.

 

 

Qualifications

·       Minimum 3 or more years of experience in implementing and maintaining a risk management framework in a modern IT environment (e.g., with cloud computing, big data, DevOps, identity & access management, personal data protection, IT systems controls and data leakage prevention solutions).

·       Good understanding of IT risk management frameworks and methodologies (e.g., NIST RMF, ISO 27005).

·       Deep knowledge of industry and regulatory requirements (e.g., SOX, GDPR, PCI-DSS).

·       Professional certifications related to information security risk management (e.g., CRISC, ISO 27005 Risk Manager), would be an asset.

·       Solid knowledge of ITIL processes, project management incl. Agile methodologies

·       Strong interpersonal, verbal and written communication skills. Fluency in written and spoken English