
IT Security Analyst

Buscojobs México

Nuevo León

Remote

MXN 200,000 - 400,000

Full-time

Today

Vacancy description

A consulting firm in Nuevo León seeks an experienced Information Security Professional. The role involves managing compliance with international regulations and ensuring the security of systems. Candidates must have over 5 years of experience in Information Security and relevant certifications. The position offers competitive benefits including remote work options.

Benefits

Work from home
Grocery vouchers
Attendance bonus
Punctuality bonus

Qualifications

  • 5+ years of experience in Information Security.
  • 5+ years of experience in Security Compliance.
  • Relevant certifications such as CISM, CISA, or ISACA.

Responsibilities

  • Ensure security compliance and manage risks.
  • Conduct risk assessments and audits.
  • Monitor and respond to security incidents.

Skills

Information Security
Security Compliance
Communication
Analytical Skills

Education

Master's Degree in relevant field
Bachelor's degree in Cybersecurity or related

Tools

SIEM
IDS/IPS
Firewall technologies

Job description

Overview

At IM Consulting you will work in an environment of innovative solutions and services providing added value for our clients. You will participate in the transformation of businesses, working with a team of professionals. Who are we looking for? We have in mind people with a passion for technology, who are eager to learn and grow, reliable professionals in whom we can place our trust, joining a team loyal to the purpose of the organization. How could you contribute and what would be your main goals? By ensuring customer satisfaction in every project delivered, and by delivering projects on time and with the expected quality.

Resource Description

Responsible for compliance matters to improve information security controls in SAP systems and infrastructure, with monitoring processes to comply with international regulatory mandates such as the Sarbanes-Oxley Act, ensuring the correct segregation of duties in all Business Units worldwide.

Requirements

  • 5+ years - Information Security
  • 5+ years - Security Compliance
  • Master's Degree (preferable)
  • Information Technology or Administration
  • ISACA CISM certification equivalent (desirable)
  • Knowledge of ISO 27001 (desirable)
  • Processes Design (desirable)
  • Information security governance skills
  • Ability to work well under pressure
  • CISA certification (desirable)
  • SOX regulation compliance knowledge
  • GDPR and data privacy compliance knowledge

Responsibilities

  • Ensure that new technologies, the current environment, providers, services or products do not put information at risk, and avoid fines and operational stoppages due to noncompliance with IT information security policies, procedures, laws, and regulations.
  • Risk assessments of processes, services and infrastructure to discover vulnerabilities
  • Compliance with internal and external regulations or laws (SOX, GDPR, etc.)
  • Risk management process to address and prioritize vulnerability remediation
  • Standardization of information security practices at a worldwide level through implementation of the ISO 27001 standard
  • Assurance of the monitoring program process to identify current Segregation of Duties (SOD) risks in corporate operations in order to reduce potential financial risks.
  • Implement information security improvements in order to ensure audit control compliance
  • RSA Archer coordinator and IT risk analyst to follow up on findings and risks in order to document and close them
  • Conduct Security Compliance committee working sessions in order to address audit control compliance concerns.
  • Monitoring of ITGC security SOX controls

Job type: Full-time, Permanent, Fixed-term or project-based

Schedule:

  • 8-hour shift

Benefits:

  • Work from home
  • Grocery vouchers

Compensation types:

  • Attendance bonus
  • Punctuality bonus

Language:

  • English (Required)

License/Certification:

  • ISACA (Required)
  • CISM (Required)
  • TOGAF (Required)

Work location: One location

OT Cyber Security Analyst

Today

The OT Cybersecurity Operations Analyst is responsible for ensuring the security and integrity of the organization’s Operational Technology (OT) systems. This role involves monitoring, analyzing, and responding to security incidents, as well as implementing and maintaining security measures to protect OT environments from cyber threats.

Main Responsibilities

  • Monitor OT Systems: Continuously monitor OT networks and systems for security breaches, anomalies, and potential threats.
  • Incident Response: Lead and coordinate the response to cybersecurity incidents, including containment, eradication, and recovery efforts.
  • Vulnerability Management: Conduct regular vulnerability assessments and penetration testing on OT systems to identify and mitigate security risks.
  • Security Policies and Procedures: Implement and enforce security policies, procedures, and best practices for OT environments.
  • Threat Intelligence: Gather and analyze threat intelligence to stay informed about emerging threats and vulnerabilities relevant to OT environments.
  • Security Reporting: Prepare detailed reports on security incidents, vulnerabilities, and remediation efforts for management and stakeholders.
  • Documentation: Maintain detailed records of security incidents, vulnerabilities, and remediation efforts.
  • Compliance: Ensure compliance with relevant regulations, standards, and frameworks (e.g., NIST, IEC 62443).

Position Challenges

  • Complexity of OT Systems: Operational Technology (OT) environments often include a wide range of legacy systems and proprietary technologies, making it challenging to implement standardized cybersecurity measures.
  • Outsourced Security Services: Relying on third-party vendors for security services can introduce risks related to vendor management and service quality.
  • Evolving Threat Landscape: The cybersecurity threat landscape is constantly changing, requiring continuous monitoring, updating, and adaptation of security strategies to protect against new vulnerabilities and attack vectors.
  • Regulatory Compliance: Keeping up with and ensuring compliance with various industry regulations and standards (e.g., NIST, ISO 27001) can be demanding and time-consuming.
  • Cultural and Organizational Resistance: Implementing new cybersecurity measures may face resistance from staff who are accustomed to existing processes and may not fully understand the importance of cybersecurity.
  • Time Zone Differences: Coordinating activities and meetings across different time zones can be challenging. It requires careful planning to ensure that all team members can participate effectively.

Qualifications

  • Education: Bachelor’s degree in Cybersecurity, Information Technology, or a related field.
  • Experience: Minimum of 3-5 years of experience in cybersecurity, with a focus on OT environments.
  • Certifications: Relevant certifications such as CISSP, CISM, GICSP, or equivalent.
  • Compliance: Knowledge of regulatory requirements and industry standards related to OT cybersecurity.

Skills

  • Strong understanding of OT systems and protocols (e.g., SCADA, DCS, PLCs).
  • Proficiency in cybersecurity tools and technologies (e.g., SIEM, IDS/IPS, firewalls).
  • Excellent analytical and problem-solving skills.
  • Strong communication and interpersonal skills.
  • Ability to work independently and as part of a team.

Internal/External Relations

INTERNAL
- Operations and Technology
- IT Cyber security Operations
- IT Service management
- Local IT

EXTERNAL
- IBM - Managed Service Provider
- Claroty - Threat detection platform
- External Auditors for IEC 62443

CEMEX Diversity and Inclusion Statement
At CEMEX, we recognize the diversity of the world in which we live and in which we do business. We respect diversity, we address the inclusion and non-discrimination of any talented person, regardless of gender, physical ability, age, sexual orientation, culture, ethnicity, religion, political affiliation, marital status, pregnancy / maternity / paternity, and nationality. We promote a culture of equity for the construction of a sustainable business and the well-being and development of CEMEX employees.

Cbsm / IT Security GRC Manager

Today

Core IT Sec GRC Domains:

Governance & Oversight: Oversee current programs (i.e., SOX, risk assessments, risk profiles, ISO, global and/or regional strategic projects/tasks, etc.). Provide oversight and coordination of control executions to ensure IT policies and procedures are being followed. Coordinate periodic metrics follow-up and reporting to key stakeholders to ensure accountability and ownership of projects/tasks. Manage the regional cybersecurity catalog.

Control Framework: Evaluate the adequacy and effectiveness of internal controls as they relate to the design and operation of computer-based information systems. Develop and implement procedures and processes supporting Chubb IT Security and compliance policies and control objectives. Produce, document and maintain IT policies and internal controls at various levels of the organization in relation to the IT landscape. Provide support and guidance over the development and implementation of controls and remediation actions based on practical solutions and sound risk management.

Risk Management: Proactively identify and assess ongoing and emerging IT risks, challenges and process gaps through periodic internal management risk assessments. Analyze and prioritize areas of focus for mitigation, remediation or process improvement opportunities using a risk-based approach to maximize efficiency and effectiveness.

IT Control Monitoring and Testing: Proactively identify control gaps. Remediation monitoring and tracking to ensure issues and risks are mitigated timely. Collaborate with IT to validate and verify audit findings and/or deficiencies. Facilitate audit and assessments scoping, planning, pre-audit risk assessment and process walkthroughs during the audit process. On-going monitoring and testing of controls to ensure adherence to risk requirements. Support the oversight and governance over subservice IT hosting provider(s).

Communication: Proactively identify control gaps. Remediation monitoring and tracking to ensure issues and risks are mitigated timely. Collaborate with IT to validate and verify audit findings and/or deficiencies. Facilitate audit and assessments scoping, planning, pre-audit risk assessment and process walkthroughs during the audit process. On-going monitoring and testing of controls to ensure adherence to risk requirements. Support the oversight and governance over subservice IT hosting provider(s).

Training and Education: Help coordinate IT security-related training for the IT community and key stakeholders on current and new security best practices. Contribute to IT Security Training Course development.

Special projects and initiatives: Collaborate with Global Information Security on new global initiatives. Coordinate COG and Global projects and activities in the region. Perform quality control analysis over the outcomes of IT security projects and initiatives executed in the region.

Requirements for the role: Reports to the regional GRC Head. In-depth understanding of information security standards, best practices and governance, risk and compliance. Collaborative, with the ability to influence without authority and have impact. Superior verbal and written communication and presentation skills, strong interpersonal skills and the ability to work independently. Demonstrates a sense of prioritization, urgency and a high degree of initiative and professional judgment. Adaptable in rapidly changing and ambiguous environments.

Desired Qualifications: Desirable CISA, CISSP, CISM or CRISC - either currently possess the certification or working towards completing the certification. Project management experience. PMP certification a plus. BS in computer science, management information systems or a related field. IT Security Audit experience a plus. Desirable Information Security risk management framework experience.

Junior Cyber Security Specialist (Remote IT)

Today

LOCATION: Remote Work

SCHEDULE: Part-time

Are you passionate about cybersecurity and seeking a unique opportunity to gain hands-on experience while working with a reputable Management Consulting firm? TalentKompass Deutschland, a leading Human Resources company based in Germany, is searching for a dedicated Cybersecurity Intern to join our esteemed client. This remote position offers an exceptional chance for someone who is eager to learn and grow in a dynamic and fast-paced environment.

As a Cybersecurity Intern, you will work closely with the consulting and IT teams, where you will be responsible for a range of tasks, including vulnerability assessments, security policy review, and incident response. You will have the extraordinary opportunity to learn from experienced professionals who will provide mentorship and guidance throughout the internship. With this internship, you will gain valuable experience in cybersecurity, risk management, and teamwork - all essential skills for a successful career in this field.

Responsibilities:

  • Assist in conducting vulnerability assessments and penetration testing
  • Review and analyze security policies and procedures to identify areas for improvement
  • Participate in incident response efforts and help develop mitigation strategies
  • Monitor and analyze network traffic for potential threats and suspicious activities
  • Collaborate with cross-functional teams to address security issues and implement best practices
  • Research emerging cybersecurity trends, threats, and technologies
  • Support the team with general administrative tasks as needed

Requirements:

  • Basic understanding of cybersecurity principles and practices
  • Familiarity with network protocols, firewalls, and security technologies
  • Excellent written and verbal communication skills in English
  • Ability to work independently and as part of a team
  • Strong analytical and problem-solving skills
  • Knowledge of various operating systems, including Windows, Linux, and macOS
  • Experience with cybersecurity tools, such as Wireshark or Metasploit, is a plus
  • Familiarity with programming languages, such as Python, is a plus