KFC, a subsidiary of Yum! Brands, is a global chicken restaurant brand with a rich, decades-long history of success and innovation. It all started with one cook, Colonel Harland Sanders, who created a finger lickin’ good recipe more than 75 years ago, a list of secret herbs and spices scratched out on the back of the door to his kitchen. Today we still follow his formula for success, with real cooks breading and freshly preparing our delicious chicken by hand inmore than 22,000 restaurants in over 135 countriesand territories around the world.

Purpose of the job:

Own & communicate IT security standards to FZ partners; work with FZ partners to enable their compliance to security standards; Identify appropriate IT security vendors for FZ partners to work with

Job size:

Central & Eastern Europe Business Unit (CEE) countries (26) with almost 1000 current restaurants and opening 70 New Stores per year.

Job functions:

(50%) Collaborate within the ecosystem of YUM and FZ partners and enable FZ knowledge and compliance around IT Security

• Prepare the materials and share with the FZ partners
• Communicate and convince FZ partners to follow the guidelines
• Measure adherence to the standards

(20%) Support Independent Audit process

• Support Internal Independent Audit process and remediation
• Providing support for the security analysis of corporate resources. Support the process of local network devices and web applications scanning for vulnerabilities. Advising the development team and monitoring vulnerability remediation

(20%) Manage & address IT Security incidents

• Identifying, analyzing threats and assessing cyber security risks to infrastructure, selecting adequate and optimal protection measures.
• Management of information security (IS) incidents, conducting investigations.
• Developing and continually improving detection and response scenarios.

(10%) Vendor management and collaboration

• Run the selection of IT security services vendors for WEBU/CEE
• Support the IT solutions/vendors selection for WEBU/CEE

Knowledge and skills required:

EDUCATION

Bachelor's and Master's Degree in Computer Science, Engineering, Business, Information Technology, Technical, Technology, Education, Mathematics, Information Systems

EXPERIENCE (and other qualifications):

• Higher technical education (preferably specialized)
• Analytical mindset.
• Knowledge of the principles of computer and network security, OS security, DBMS, web applications.
• Knowledge of technical means of information security.
• Subject areas: network security, secure development, security level assessment, cryptography, security of cloud platforms, virtualization and containerization.
• Knowledge of IS incident response methods, tools and processes.
• Practical experience in identifying and investigating IS incidents, developing recommendations to prevent similar incidents in the future.
• Practical experience with SOC technologies: SIEM, IRP, sources of events: AVP, IDS/IPS, EPP/EDR, NGFW, WAF, network traffic analysis tools, logs of operating systems, network equipment.
• Experience with vulnerability scanners, Web Application Firewalls
• Knowledge of current information systems compromise indicators and detection methods.
• Experience in analyzing logs from different systems, ability to interpret them correctly.
• Knowledge of international information security standards, requirements of regulatory institutions and compliance methods.