Job Description

Porsche Finance Group Ukraine is represented by Porsche Leasing Ukraine, Porsche Mobility, and Porsche Insurance Agency. They are owned by the Austrian Porsche Bank, which belongs to the Porsche Holding (Volkswagen Group). PFG Ukraine provides financial, operating leasing, car loans, insurance and fleet management for Volkswagen, Audi, SEAT, CUPRA, Porsche, Skoda and MAN.

Brief Role Description

The Local Information Security Officer (LISO) is responsible for establishing, implementing, and maintaining effective information security governance, policies, and procedures within the Porsche Holding Group in Ukraine (Porsche Finance Group Ukraine, Porsche Ukraine. Porsche Interauto).

The LISO ensures robust asset management, risk management, incident response, and security awareness initiatives are in place and regularly reviewed.

Possible Tasks within this Role

• Governance: Set up and maintain a proper infosec function in the company. Participate in relevant Committees, ensure effective reporting to top management and Holding CISO.
• Policies: Develop and maintain a local documentary framework for information security policies. Communicate these policies to relevant stakeholders and ensure they are regularly reviewed and updated.
• Asset Management: Create and maintain an asset register with clearly defined ownership. Lead and advise on asset classification processes.
• Information Classification: Establish and implement local information classification requirements and define protection needs for each classification.
• Assessments: Coordinate and follow up on internal and external security assessments, including penetration tests, red team exercises, and audits. Track findings and exceptions to resolution. Create yearly security assessment plan.
• Information Risk Management: Define risk management methodology, identify, document, and assess risks. Initiate appropriate countermeasures, monitor implementation, regularly review risks, and report critical/high risks to top management and the CISO.
• Security Incident Handling: Develop and maintain incident management processes and playbooks. Coordinate incident response, conduct regular tabletop exercises, record incidents, and report to local management and Group CISO.
• Security Awareness: Develop and implement security awareness initiatives and report their effectiveness to management.

Qualification requirements

• Bachelor’s degree in Information security, Computer Science, or related field.
• Knowledge of national and international information security standards and frameworks (NIST, ISO 27000, NBU framefork, etc.).
• Experience in information security management, risk assessment, and incident response.
• English language on level enough for independent communication in professional environment, understanding complex texts (B2 “upper-intermediate”).
• Ability to work independently.
• Able to explain technical topics to non-expert executives.
• Ability to work collaboratively across teams and with various levels of management.

Skills

• Analytical Thinking
• Artificial Intelligence (AI)
• Cloud Security
• Communication Skills
• Critical Thinking
• Cybersecurity Standards
• Decision-making Skills
• Identity & Access Management
• Machine Learning (ML)
• Network Security
• Penetration Testing
• Problem Solving
• Risk Assessment
• Vulnerability Assessment

Your benefits:

• Formal employment from the first working day, paid holidays and sick leave.
• Medical insurance.
• Language courses.
• Hybrid work.
• Meals compensation.
• Opportunities for personal and professional growth.