The Security Officer for Infrastructure & Operations helps deliver on the vision of I&O Security Management and is accountable for information security and compliance within the Global Infrastructure & Operations (GIO) scope. The role will assist in the development of long-term security strategies and manage its execution to ensure the IT services and functions meet all mandated security standards & policies and effectively assess & control security risks
Main responsibilities
- Perform Risk assessments on : new projects, assets or Tools
- Manage Risk Register on compliance exemptions and risk acceptance (including expiry and renewal)
- Collaborate with the Security MSPs and the rest of security officers from other regions to deal with global emerging threats.
Compliance management
Support GRC global officer on specific tasks related but not limited to :Evidence collection and recording (MCS & Audits)Audit supportDevelopment and management of control processesPost Audit action trackingChange and project support
Provide Security Reviews & Approvals on SNOW changesSecurity representation in zone CAB / E-CAB when requiredSecurity reviews of new demands and project charters :I&O projects (Global or Regional)IITSC projects (with I&O components)Support / drive Security initiatives (Global or Regional)Security Operations
Collaborate providing knowledge on managing, supporting and monitoring regular security relevant processes like :Patch ManagementBackup & RestoreDR & BCPMalwareFollow up Globally Patch management process trying to improve the following areas :Consolidation of asset scope sources (CMDB, manual lists, …)Provide visibility to teams of the vulnerabilities detectedHomogenization of patching processes for all the zonesEnsuring completeness of vulnerability detection and patching activitiesDetection of area for improvementLead the Security operations related to the Network, this includes the following components :Firewall main configurationIDS / IPS rules configurationWAF default configuration and baselineProxy configurationIoC lifecycleLead / Drive globally the vulnerability management processCoordinate Threat Hunting operations provided by a third party :Providing necessary access to the external consultantsProvide access to the internal resources needed (hardware, software and contacts)Coordination and deployment management of the needed agentsRegister the necessary findings and ensure they are followed up and properly closed.Work on Security Incident & Problem managementProvide P1 / Major Security Incident supportBe involved on Forensic activitiesPROFILE REQUIRED
Level of education / qualifications normally required :
Graduate degree in Business or Management; Bachelor’s degree in Computer Science, Engineering, or a related discipline with an IT focus.Security certifications (CISM, CISA, ISO 27001, CISSP, CRISC, ITIL, CMMI, CompTIA Security+, NCSF, CHFI) would be an asset.Specific work experience :
10+ years of experience in IT Security and other operational / compliance IT rolesBroad technical security knowledge of IT services, technology and IT solutions.Specific expertise in one or more of the following would be a plus :Cloud Security → CCSP / GCSAIndustrial Technology (OT) Security → CDSE / GICSP / ISP / ISOCExtensive experience in delivering IT security projects, assessments and auditsPractical experience of risk managementExperience in implementing Policies and Procedures in compliance with Information Security Management System Standards (ISO 27000 series)Strong knowledge of regulatory requirements and security policies and standardsBroad knowledge of IT services, Technologies and IT solutionsWork experience in a related industry setting (cement, aggregate, ready-mix)Strong decision making skills and ability to challenge decisions of othersGood negotiation skills with vendors, contractors and other suppliersTechnical / functional skills :
Ability to develop and implement IT policies and governanceAbility to run information security audits and test cyber resilienceProfound knowledge of Information Security and Compliance standards (e.g. ISO 27001 / 2, GDPR, NIST, HIPAA, etc)Strong knowledge and understanding of networking & infrastructure security, both on premise and in cloud (IaaS)Experience with Cyber Security incidents and responseAbility to review technical architecture documentation for demand / project / change proposals to identify security related risks or compliance concerns.Ability to conduct deep technical research into issues and products.Profound project management skillsJ-18808-Ljbffr