Act as the interface between the technical disciplines and the business to carry out technically orientated security assessments, setting security requirements for new products and services, and also assessing compliance and risk.
Technology center of a multinational telecom company.
Main activities are in the are of Security Assessment and Compliance. This role bein in charge with overseeing and coordinating the internal systems auditing, in order to assure that products, infrastructure and services are secure and compliant with relevant internal and external standards before release:
- Ensure that all global products, services, and infrastructure for Enterprise customers, consumers, or being used internally are secure by design and will meet an appropriate technology security level, and demonstrate that all potential risks are being mitigated to an acceptable level to in order to assure the confidentiality, integrity and availability of systems and data.
- Work closely with the business and technology architecture teams, design and operations teams, and with the other security teams e.g. Risk & Compliance, Ethical Hacking, Security Operations, and Corporate Security. The role holder will also be required to manage external resource and coach Security Champions in the agile teams.
- Provide advice and guidance to internal and external customers on security related matters.
- Define, communicate and ensure that suppliers and third parties understand and comply with Group’s security standards.
- Good professional experience (3 to 5+ years) in the following fields or related to: information technology, Cyber security, DevSecOps (not necessary hands-on/operational).
- Experience with security in agile ways of working.
- Relevant experience with Security Audits, Security Assessment and/or Compliance.
- Ability to explain complex technical matters to non-technical business executives. (The role, is expected to give clear guidance for implementing security controls in complex environments.)
- Very good English skills (spoken and written).
Nice to have: (At least 2 of the following would represent a considerable advantage)
- Knowledge/experience with securing of cloud environments (one or more in the area of AWS, GCP, Azure, OCI) incl. Kubernetes (KaaS) and connectivity, user access management, network infrastructure, CDaaS / IaaS / SaaS and penetration testing experience beneficial.
- Knowledge and experience in DNS technology, Apache Kafka, CNI, Citrix env.
- One or more of the following: CISSP, CISM, CISA, CRISC, ISO 27001 Lead Auditor, GIAC, TOGAF, SABSA or equivalent
- University degree in Information Security or equivalent