VIG Re is seeking a Senior IT Governance and Security Professional to enhance our security operations. In this key role, you will implement a structured security framework, ensure compliance with security standards, and deliver effective security awareness programs. You'll coordinate penetration testing, collaborate with external vendors and internal teams, and contribute to risk assessments and business continuity strategies. Join us in safeguarding our IT environment and ensuring security excellence!
Your tasks
The Senior IT Governance and Security Professional ensures the organization's applications and infrastructure are secure and protected against internal and external threats. This role establishes and manages security operations, oversees penetration testing, and leads security awareness and training programs. The role holder works closely with internal teams and external vendors, ensuring that security processes, standards, and policies are applied consistently across the organization. The role requires strong cybersecurity expertise, experience in security management and risk management, and excellent communication skills to engage and educate employees and partners. He/she will work closely with the Kooperativa IT security team (currently providing the security governance and daily operations for VIG Re).
Key Responsibilities:
- Security Management: Develop, implement, and manage IT security policies, standards, and procedures. Coordinate with external vendors and partners to ensure security requirements are appropriately set and met. Ensure compliance with internal and external security regulations.
- Application and Infrastructure Security: Oversee the security of applications and infrastructure by monitoring vulnerabilities and recommending improvements. Collaborate with IT teams to secure software development, system deployments, and infrastructure upgrades.
- Security Operations: Monitor, detect, and respond to security incidents in real-time. Manage daily security operations, including threat detection, analysis, and incident response activities.
- Penetration Testing: Plan, lead, and coordinate regular penetration tests to assess and improve security measures. Analyze test results and work with IT teams to address vulnerabilities.
- Security Awareness and Training: Develop, promote, and deliver security awareness programs across the organization. Conduct regular training sessions to educate employees and vendors on cybersecurity best practices.
- IT Risk Management: Integrate IT risk management into the organization’s enterprise risk framework, including identification, assessment, and reporting on IT-related risks in alignment with risk appetite and compliance requirements.
- Communication and Reporting: Communicate risks and incidents clearly to technical and non-technical audiences. Report regularly to leadership on the security status, incident trends, and improvement measures.
- Stakeholder Collaboration: Work closely with internal teams to ensure security policies and practices meet business needs. Communicate security risks, incidents, and improvement plans clearly to leadership (CIO) and other key stakeholders.
Our expectations
- University degree in Computer Science, IT, Cybersecurity or related field.
- Proven experience in IT security management and governance.
- Deep knowledge of cloud, application, network, and infrastructure security.
- Experience with penetration testing methodologies and tools.
- Security certifications such as CISSP, CISM, CEH, or equivalent.
- Experience working with external security vendors and managing security operations centers (SOC) is a plus.
- Knowledge of regulatory frameworks (e.g., GDPR, ISO 27001, DORA) and compliance requirements.
- Knowledge and experience in the insurance and reinsurance industry.
- Strong expertise in developing and managing IT security policies and procedures.
- Deep understanding of cybersecurity threats, vulnerabilities, and protection methods.
- Skilled in planning and coordinating penetration testing and vulnerability assessments.
- Effective trainer and promoter of security awareness.
- Ability to respond to incidents quickly and calmly.
- Careful with details and always focused on delivering high-quality work.
- Proactive thinker who stays updated on the latest technologies.
- Excellent communication and interpersonal skills, particularly in articulating complex technical concepts to non-technical stakeholders. Excellent collaboration and networking skills, capable of building partnerships and interacting constructively with diverse teams.
- Analytical and strategic thinking capabilities, with the ability to translate complex concepts into actionable plans.
- Adept in stakeholder management, with excellent communication skills to effectively align and motivate towards common goals.
- Fluent spoken and written English and Czech.
We offer
- The opportunity to contribute significantly to the development of the company and the quality of services provided by IT solutions.
- Opportunity for professional development in one of the leading insurance groups in Central and Eastern Europe
- Space for self-realization
- Attractive, performance-oriented remuneration package
- An extensive package of benefits
- Flexible working hours
- Work in an international team
- Workplace in the heart of Prague
- 25 days of vacation
- Flexible working hours
- Home Office and Home Office energy reimbursement
- Cafeteria
- Pension and Life Insurance
- Public Transport Contribution
- Multisport card
- Travel Insurance
- Meal Allowance
- Online mental health program
- Refreshment at work
- Yoga classes and gym
- Unlimited paid leave