לוח משרות דרושים מנהל אבטחת מידע / סייבר / CISO במרכז

we are looking for highly capable Incident Response Expert. The Incident Response Expert role includes conducting in-depth forensic analysis, investigation and response to real-world cyber threats. A significant part of our investigations is performed onsite at the client location, in collaboration with the clients IT and security teams.

Main Responsibilities

Participate in forensic and incident response investigations, including large scale sophisticated attacks, conduct log analysis, host and network-based forensics and malware analysis.

Participate in threat hunting: proactively hunt for targeted attacks and new emerging threats in clients networks; as well as security assessments and simulations.

Identify indicators of compromise (IOCs) and tools, tactics, and procedures (TTPs) to help ascertain whether and how breaches have occurred.

Utilize and develop tools and methodologies to improve existing investigative and hunting technological stack.

Collaborate with IT and Security teams during investigations.

Generate and present a comprehensive and professional report of findings from investigations.

we are looking for an Incident Response Team Leader to lead investigations and response activities in support of organizations worldwide.

Cyber threats are constantly growing in volume, velocity and sophistication. When an organization is confronted with an advanced attack, it needs the strongest capabilities on its side. In many cases, an incident response engagement is in fact a battle within a network. The operational art, experience, focus, and speed of response teams can mean the difference between a minor blow, and a devastating impact on an organizations performance and reputation.

The Incident Response Team Leader will be key to the success of Incident Response projects worldwide, and should possess strong leadership skills, be highly technical and thrive in a fast-paced and dynamic environment.

We are a global leader of iLottery solutions and services to national and state-regulated lotteries. We are part of the company`s Group, an iGaming powerhouse with 1100 employees spread across 8 countries. We pride ourselves on our People first culture. Not only has it been a core value in our organization for as long as we can remember but it also runs in our DNA and is felt in every aspect of our operations. We are currently seeking a SecOps Manager. In this position you will work to implement the Security Operations strategy as part of the Cyber security team, to enable secure business operations and missions. As a Security Operations Manager, you will be responsible for overseeing the security operations of the Real Money Gaming (RMG) production workloads. You will supervise a team of security professionals to ensure the confidentiality, integrity, and availability of the organization's production information assets. This role requires a deep understanding of security operations, incident response, threat intelligence, and risk management. The Manager of security Operations will leverage their knowledge of best practices to be able to support the Security Operations policies, standards, and legal requirements while overseeing a team of Security Operations and Engineering SMEs. The Manager, Security Ops will execute Security Ops & Engineering strategy, manage and work with relevant vendors to solve security issues and problems. This role will require a keen understanding of business key assets and processes, unique business requirements, the information security program, and combining this information to address residual risk by recommending security enhancements within the area of responsibility.
Responsibilities:
Responsible for the Confidentiality, Integrity, and Availability of PROD systems. Lead and supervise our external (MSP) Security Operations Center ( SOC ) functions that consist of: Monitoring, detection and analysis activities Threat Hunting Threat intelligence activities Incident response (IR) activities Being the focal point for PROD security incidents Manage the investigation, provide communication Coordinate incident response process ( SOC ) for PROD workloads Lead the incident response process, ensuring security incidents are promptly detected, assessed, and mitigated.. Coordinate and communicate with RMG customers during incidents to provide updates on progress and potential impacts. Communication will be performed in partnership with Product Security and GIS. Conducting post-incident reviews, and implementing improvements based on lessons learned.. Enrich and expand the SOC coverage based on existing/ & new attack vectors. Suggest detection and response improvements for GIS as well as the MSP to speed up and/or enhance detection capabilities. Ensures security operations playbooks are created and/or in place to cover any identified process gaps and the team is able to execute against them in the absence of leadership. Develops and reports key metrics to demonstrate the success of the organization across organizational levels, up to, and including, the Board. Ensure the ongoing delivery/implementation of security measures & tools Work with IT & DevOps to make sure that the security roadmap is fully delivered with optimal quality. Assists with setting and advancing the global strategic vision, and execution of Security Operations and Engineering aspects of Our Global Information Security program. Monitors industry information technology and security trends, threats, and regulatory trends to identify effects to Security Operations interests and in scope responsibilities. Supports acquisition due diligence for information security risks and supports control design for integration. Participates in reporting requirements, monthly/quarterly status meetings.

We are looking for a motivated, energetic and experienced Information Security Manager (ISM) to be part of our information security journey and take the lead in the security GRC and awareness domains. Take ownership of your domain and oversee information security through the development of policies, training initiatives, establishment of vendor security assurance, advancement of company awareness, and the development of security and privacy compliance certificates and audits.

As a key role within the Information Security team, the ISM position requires a working knowledge of information security systems and technologies. The ISM will proactively work with all teams and departments to implement practices that meet defined policies and standards for information security. He or she will also oversee a variety of security-related risk management activities.

The ISM will serve within the Governance, Risk, and Compliance (GRC) team as the process owners of GRC activities related to the availability, integrity and confidentiality of customers, business partners/vendors, employees, and business information in compliance with the organization's information security policies. The ISM must be highly knowledgeable about the business environment and ensure that information systems are maintained in a fully functional, secure mode.
What you will be doing:
Manage Forters GRC program, ensuring compliance with SOC2, ISO 27001/27701 and PCI-DSS, while enhancing process efficiency through the implementation of automation.
Review, update, and create policies and procedures to ensure alignment with customer requirements, certifications, and regulations.
Respond to security questions and questionnaires from company prospects and customers, providing support for company operations.
Conduct routine internal security reviews.
Manage information security risk activities, including conducting annual risk assessments, performing root cause analysis, and overseeing remediation activities.
Lead the vendor security program - Assess the security and compliance of vendors.
Responsible for the security awareness program, conducting training sessions, quizzes, and drills.
Continuously enhance the security standard of solutions by developing / implementing open-source / third-party tools to assist in detection, prevention and analysis of security threats, manage internal and external pen testing and test security products and evaluate them.
Provide technical answers and assist sales teams with RFPs / RFIs / RFQs and sales efforts.

We are looking for a SecOps Director.
In this role, you will be responsible for:
Aligning vulnerability management functions with the organization's overall business objectives by reducing information technology threat
Improving & maturing established security metrics associated with vulnerability management, security operations center, security monitoring, etc.
Overseeing projects for deploying new cyber security tools and processes
Leading successful projects, ensuring high quality and timely delivery of features
Ensuring the team builds operational processes that are architecturally consistent, of high quality, and that follows operational best practices
Overseeing the development and implementation of appropriate and effective controls to mitigate identified threats and risk
Have fingerprints on building the future of Gates' cyber security organization.
Collaborate and engage with key business stakeholders, including technology peers to help them better manage their technology risk through pragmatic and fit for purpose solutions.
Be responsible for auditing, assessing & architectural recommendations as it pertains to our technical cyber security infrastructure while helping to continuously improve our Cybersecurity maturity and defensive posture.
Work with our internal stakeholders to provide support related to security functions and technologies including Privileged Access Management (PAM), Threat hunting management, SSO/MFA, Active Directory, Windows/Linux OS hardening, vulnerability remediation, EDR, SOC oversight, security metrics, E-Discovery and incident response

Medison is a global pharma company providing access to highly innovative therapies to patients in international markets. Medison commercializes highly innovative therapies across Israel ,Europe, Americas and ANZ helping to save and improve the lives of patients suffering from the most challenging diseases. Medison has deep expertise in local regulatory and market access know-how with uncompromising compliance excellence. It offers an affiliate-like partnership and tailored-solutions for country-specific and regional commercialization, enabling emerging biotech companies to navigate local complexities and to expand their reach to patients in Central Eastern Europe. Reporting to Compliance Director, the Risk Manager will oversee the compliance risk management program, assessing and identifying risks that could damage the company reputation in terms of anti bribery and corruption. The position will be responsible for conducting Internal audits and will be part of leading external audits He/she will be enhancing the global and regional compliance standards and supporting the continued development and implementation of Medison’s compliance program and ethical behavior. The Risk Manager must have excellent quantitative and analytical skills, along with the ability to apply those skills across a variety of business processes. The Risk Manager will be responsible for ensuring that Medison and its partners accede to regulatory requirements, both national and international, as required by local regulation and law. He/she will ensure full adherence to standards, policies, and procedures. He/she will also be responsible to enhance internal policies. Some international travel will be required.

Responsibilities:
Risk Assessment
* Develop communicate and ensure implementation of global guideline and processes for assessing and remediating compliance risk for all operations that have touchpoints with healthcare professionals, high risk third party engagements or government officials.
* Collaborate with local compliance officers and other functions to continuously monitor trends and changes in the external environment, such as enforcement action or new laws, and promote and refresh policies, trainings or other elements of the compliance program.
* Identify and act on internal risks and gaps in compliance program effectiveness. Devise/ advise global mitigation and corrective actions.
* Manage risks based compliance program (based on internal and external data) on relevant partners and/or vendors. Ensure appropriate mitigations based on the assigned risk level Internal& Partners Audits
* Support and lead all internal and external compliance audits, including main focal point for communication with auditors and internal business partners
* Ensure all relevant information and documents and available for effective audits
* Responsible for carrying out reviews and assessments of compliance clearance activities across the Company.
* Test the extent to which business is and remains demonstrably compliant
* Providing advice and guidance to the business on necessary corrective and preventive actions to achieve improved compliance,
* Reporting to compliance management and other relevant functions on levels of compliance assurance and/or any issues arising from monitoring/external/internal.

A global technology company in the payments industry. Our mission is to connect
and power an inclusive, digital economy that benefits everyone, everywhere by making
transactions safe, simple, smart, and accessible. Using secure data and networks, partnerships
and passion, our innovations and solutions help individuals, financial institutions, governments, and businesses realize their greatest potential.
Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our
company. With connections across more than 210 countries and territories, we are building a sustainable world that unlocks priceless possibilities for all.
Overview-
looking for an Information Security Lead to steer the organizations information security, data security and risk management. The Information Security Lead will work with various departments in and implement the organizations best practices. This role will report to the VP technologies operations organization.
Role-
Developing, implementing, and monitoring a strategic, comprehensive enterprise information security and IT risk management program that aligns with the organizations business objectives and regulatory requirements. The program is required to align with corporate strategy and directives.
Providing and approving security related items in RFP responses and contract negotiations. Joining customer calls to explain our security position and understand the customer needs.
Partnering with business units and stakeholders across the organization to facilitate risk assessment and risk management processes, and to raise awareness of security issues and best practices.
Establishing and maintaining an information security management framework that incorporates industry standards and best practices and lead compliance audits for ISO/IEC 27xxx, SOC II and other security certifications.
Assisting in the selection, implementation, and maintenance of security technologies, tools, and processes that support the organizations security goals and policies.
Responding to security incidents and breaches, and coordinating with internal and external parties to investigate, contain, remediate, and report on them.
Evaluating and reporting the organizations security posture and performance, and provide regular feedback and recommendations to senior management.
Staying abreast of current and emerging security threats, trends, technologies, and best practices, and ensuring that the organization adapts accordingly.
Sourcing and selecting vendors and service providers that offer security solutions or support.

we are looking for a Threat Researcher to join its Threat Intelligence Analysis (TIA) team. The team is responsible of discovering, analyzing and tracking advanced threat actors and campaigns, with a strong focus on high-end cybercrime and nation-state activities. You will join a team of motivated, independent and highly technical individuals to contribute the effort to protect customers and empower the brand.

Key Responsibilities
Identify, understand and monitor advanced campaigns using publicly available sources as well as internal data.
Analyze malware and other hacking tools utilized by threat actors in active campaigns and intrusions.
Create technical research content for external publications and private intelligence reports.
Help creating protections and detections based on deep understanding of advanced threat actors Tactics Techniques and Procedures (TTPs).
Collaborate with other security teams to assist in threat intelligence and research tasks.

In this role, you will be leading containers security product offering. Using data, customer feedback, and market research you will be responsible for understanding the customer needs and will use this to define and drive containers security offering forward. Strong customer focus, excellent communication skill both with customers and R&D including the ability to translate customer into clear requirements.

Key Responsibilities
Specify market requirements for current and future products by conducting market research supported by ongoing engagement with the field
Understand the competitive market and seek to emphasize our advantage
Monitor and understand the ongoing K8s changes and help to innovate K8s security
Help to define new containers security features and fine tune existing ones
Work closely with our engineering and go-to-market teams providing detailed requirements and guidance
Develop, manage, and communicate the product requirements and roadmap to both internal and external stakeholders

we are looking to hire a highly motivated, best-in-class Cluster Security Manager to manage the physical security at our data centers.
You will be responsible for managing the on-site operational physical security of our data centers and will have a thorough knowledge of access control systems and process, guard force management, contract management, vendor management, risk assessment & management, reporting security metrics, security audits and incident reporting.
Key job responsibilities:
Manage the daily operations of the vendors providing services, training and risk assessment; conduct investigations of Code of Conduct, and other violations, as needed
Collaborate with other teams within our company (Data Center (DC) Engineering, DC Operations, etc.) and outside (Vendors, Emergency Services, etc.) as they relate to daily operations
Develop security plans for on-site special events and other unique security situations to assure proper access control and evacuation procedures are followed
Perform data analysis and create benchmarking to support risk assessments and threat identification
Partner with DC Engineering and other business units to identify safety and security deficiencies, and develop customized policies and procedures to gain compliance with regulations internal and external
As part of a global team in this space you will also be required to work with peers in other geographic regions and travel as required by us.
We are open to hiring candidates to work out of one of the following locations:
Tel Aviv, ISR.

We are looking for a Head of Security Research.
This is an individual contributor position with an excellent opportunity to contribute to cutting-edge research and make a significant impact in the field of cybersecurity.
Responsibilities:
Lead the security research domain in our company
Conduct in-depth research to identify and analyze the latest security threats, vulnerabilities, and attack techniques.
Analyze traffic and attack information from our hundreds of customers, to identify opportunities to strengthen our security policies.
Keep up-to-date with emerging trends, standards and best practices in the cybersecurity landscape and contribute to the development of innovative security solutions.
Perform penetration testing to identify opportunities to improve our security policies.
Collaborate with cross-functional teams to develop and implement effective security measures.
Issue security updates for ourcustomers and monitor their impact.
Help Support in responding to attacks, understand them and create relevant protections.
Act as a subject matter expert, providing guidance and support to other teams within the organization.

In this role, you will be responsible for executing the information security, governance, risk, and compliance strategies as defined by the CISO. This role requires a strong focus on the day-to-day management of security practices, GRC activities, and the integration of security within the software development lifecycle, ensuring the organizations policies, procedures, and systems are aligned with regulatory requirements and industry best practices.

We cant promise it will be easy, but definitely exciting and most importantly FUN.

This position is located in Israel, and youll be reporting directly to the CISO.

Lets get down to business:



The opportunity

Program Implementation: Execute the organizations information security and GRC programs based on strategies and objectives set by the CIO and acting CISO. This includes implementing security policies, controls, and standards across the organization.
GRC Activities Management: Facilitate GRC processes, including risk assessments, compliance audits, and policy management, ensuring alignment with external regulations and internal standards.
Secure SDLC Oversight: Work closely with the R&D and software development teams to integrate security measures throughout the SDLC, from requirements analysis to deployment, based on predefined frameworks and best practices.
Data Access and Policy Enforcement: Manage data access controls and policy enforcement mechanisms to safeguard sensitive information and ensure compliance with data protection regulations.
Tool and Platform Management: Oversee the effective use of the GRC platform for risk management, compliance tracking, and policy documentation. Ensure tools and technologies used for security and compliance are optimized and up to date.
Collaboration and Support: Collaborate with IT, R&D, legal, and other departments to support security and compliance projects. Provide expertise and guidance on implementing security and compliance requirements.
Incident Response Support: Assist in managing and refining the incident response process and procedures, ensuring readiness to respond to security incidents effectively.
Awareness and Training: Support the development and delivery of security awareness and training programs to promote a culture of security and compliance throughout the organization.