IT Security Compliance Manager identifies, manages, and reports on RFE/RL’s security, privacy, regulatory, legislative, and contractual obligations supporting the company’s security strategy. He/she contributes to RFE/RL’s Information Security Program led by the IT Security Director through the application of USAGM-required FISMA security controls and related best practices. He/she is responsible for ensuring RFE/RL is compliant with its Digital Security policies, standards, and procedures.
This is a locally recruited full-time position on a one-year assignment initially, with the possibility of extension for an open-ended contract after one year. The opportunity is only open to applicants with the legal right to work in the Czech Republic.
- Develop, review, and improve RFE/RL’s information security and privacy policies, standards, and procedures.
- Develop, lead, and coordinate RFE/RL’s FISMA compliance initiative which is required by USAGM and aligned to RFE/RL’s Information Security Program and FISMA requirements (NIST SP 800-53R5).
- Act as the primary point of contact to implement RFE/RL’s FISMA requirements as required by USAGM in close coordination with the Pangea Digital division and USAGM counterparts, progressing strategic objectives and maintaining necessary documentation.
- Support an overall integrated security management approach through configuration management standards.
- Implement application security vulnerability management best practices through rigorous scans and penetration tests aligned to release management activities.
- Design and schedule appropriate automated reports and appropriate technical compliance reviews and audits to maintain appropriate security protection.
- Support the IT Security team’s overall security incident management process activities, response, and reporting.
Performs other related duties as assigned.
- University Degree (Information Technology or similar)
- Security Certifications: CISSP, CISA, or CISM
- Minimum 3 years’ experience as security lead on maintaining a security management framework.
- Comprehensive experience with information security compliance in an international environment, including in risk, compliance, and information security policy development.
- Experience coordinating and maintaining application security best practices on physical and virtualized environments, inclusive of vulnerability scans and penetration testing know-how.
- Practical know-how and expertise with Microsoft operating systems and cloud environment (O365/Azure Security & Compliance).
- Knowledge of IT processes and controls and understanding of risk and control frameworks (NIST, ITIL, FISMA, GDPR).
- Strong organizational and communication skills (both verbal and written).
- Excellent interpersonal skills with the ability to effectively communicate with a wide range of individuals and teams.
- Standard of excellence with work processes and outcomes, honoring company policies and regulatory requirements.
- Attention to detail, planning ahead, and managing time well.
- Team oriented, with the ability to build strong working relationships and a positive work environment.
- Receptive to feedback, willing to learn, embracing continuous improvement.
- Strong command of English is required.
- Other languages a plus
Should you be interested in this position please apply by submitting your CV and a cover letter in English.
Appointment against this post is on a local basis only. Please note that for the locally advertised positions preference will be given to those with a work permit and/or a valid residence status in the Czech Republic. Locally recruited employees should reside within commuting distance of Prague, Czech Republic, or be willing to move to take up work. They are not eligible for allowances applicable to candidates who are internationally recruited. Rather, they receive statutory benefits as per Czech labor law. Salary scales for locally recruited employees are based on the best prevailing local conditions. RFE/RL does, however, cover the costs of interview travel and, upon appointment, some relocation costs.
Note: In response to changing operational requirements, RFE/RL retains the discretion not to make an appointment, or to modify the job specifications for a particular vacancy.
By replying to this advertisement or sending your CV and/or other personal data to RadioFreeEurope/RadioLiberty, you are agreeing to having your data saved and managed by employees of the HR department of the company for possible future reference in full accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) GDPR and Act No 110/2019 Coll., on personal data processing. This agreement may only be withdrawn by a written revocation and remains valid until that date. However no longer than 5 years.
Odpovědí na tento inzerát či zasláním Vašeho životopisu a případných dalších osobních materiálů do společnosti RadioFreeEurope/RadioLiberty dáváte souhlas ke zpracování a uchování Vašich osobních údajů dle Nařízení Evropského parlamentu a Rady (EU) 2016/679 ze dne 27. dubna 2016 o ochraně fyzických osob v souvislosti se zpracováním osobních údajů a o volném pohybu těchto údajů a o zrušení směrnice 95/46/ES (obecné nařízení o ochraně osobních údajů), dále jen GDPR a zákona č. 110/2019 Sb., o zpracování osobních údajů. Tento souhlas platí až do jeho odvolání písemnou formou, maximálně však po dobu 5 let.
Privacy Notice for RFE/RL Job Applicants
RFE/RL, Inc. is a private, nonprofit corporation funded by a grant from the U.S. Congress through the U.S. Agency for Global Media (USAGM). Due to RFE/RL’s special character, the countries in which RFE/RL operates, and the type of work RFE/RL performs, it is RFE/RL's obligation to verify the accuracy of information provided by each applicant in order to ensure the safety and security of our employees and workplace. RFE/RL must ensure that everybody who advances to the final stage of the selection process for a position at RFE/RL and who wishes to enter into an employment relationship with RFE/RL must undergo pre-employment background check.
With respect to the above, RFE/RL informs you, as an applicant, that your employment at RFE/RL is contingent on the successful completion of pre-employment check.
Therefore after your acceptance of RFE/RL‘s offer letter, you will be subject of pre-employment check (performed by external Czech entity). Detailed information about collection and processing of your personal data in this matter will be provided to you together with the offer letter.
Privacy Notice for RFE/RL Internship or Fellowship Applicants
The process described above largely applies to applicants for internships and fellowships as well – simply replace the word “employment” with “internship” or “fellowship” as applicable.