Summary of the job
The Security Officer for Infrastructure & Operations helps deliver on the vision of I&O Security Management and is accountable for information security and compliance within the Global Infrastructure & Operations (GIO) scope. The role will assist in the development of long-term security strategies and manage their execution to ensure the IT services and functions meet all mandated security standards & policies and effectively assess & control security risks.
Main responsibilities
Risk management
* Perform risk assessments on new projects, assets or tools
* Manage Risk Register on compliance exemptions and risk acceptance (including expiry and renewal)
* Collaborate with the Security MSPs and the rest of security officers from other regions to deal with global emerging threats.
Compliance management
* Support the GRC global officer on specific tasks, including but not limited to:
  * Evidence collection and recording (MCS & Audits)
  * Audit support
  * Development and management of control processes
  * Post-audit action tracking
Change and project support
* Provide Security Reviews & Approvals on SNOW changes
* Security representation in zone CAB/E-CAB when required
* Security reviews of new demands and project charters:
  * I&O projects (Global or Regional)
  * IITSC projects (with I&O components)
* Support/drive Security initiatives (Global or Regional)
Security Operations
* Collaborate by providing knowledge on managing, supporting and monitoring regular security-relevant processes such as:
  * Patch Management
  * Backup & Restore
  * DR & BCP
  * Malware
* Follow up on the global patch management process, seeking to improve the following areas:
  * Consolidation of asset scope sources (CMDB, manual lists, …)
  * Providing visibility to teams of the vulnerabilities detected
  * Homogenization of patching processes for all the zones
  * Ensuring completeness of vulnerability detection and patching activities
  * Detection of areas for improvement
* Lead the security operations related to the network, including the following components:
  * Firewall main configuration
  * IDS/IPS rules configuration
  * WAF default configuration and baseline
  * Proxy configuration
  * IoC lifecycle
* Lead/Drive globally the vulnerability management process
* Coordinate threat hunting operations provided by a third party:
  * Providing necessary access to the external consultants
  * Providing access to the internal resources needed (hardware, software and contacts)
  * Coordination and deployment management of the needed agents
  * Registering the necessary findings and ensuring they are followed up and properly closed
* Work on Security Incident & Problem management
* Provide P1/Major Security Incident support
* Be involved in forensic activities
PROFILE REQUIRED
Level of education/qualifications normally required:
* Graduate degree in Business or Management; Bachelor’s degree in Computer Science, Engineering, or a related discipline with an IT focus.
* Security certifications (CISM, CISA, ISO 27001, CISSP, CRISC, ITIL, CMMI, CompTIA Security+, NCSF, CHFI) would be an asset.
Specific work experience:
* 10+ years of experience in IT Security and other operational/compliance IT roles
* Broad technical security knowledge of IT services, technology and IT solutions.
* Specific expertise in one or more of the following would be a plus:
  * Cloud Security → CCSP / GCSA
  * Network Security → CND / CCNP / CCNA Security / CEH
  * System/Infrastructure Security → CISSP / CISM / CISA
  * Industrial Technology (OT) Security → CDSE / GICSP / ISP / ISOC
* Extensive experience in delivering IT security projects, assessments and audits
* Practical experience of risk management
* Experience in implementing Policies and Procedures in compliance with Information Security Management System Standards (ISO 27000 series)
* Strong knowledge of regulatory requirements and security policies and standards
* Broad knowledge of IT services, Technologies and IT solutions
* Work experience in a related industry setting (cement, aggregate, ready-mix)
* Strong decision-making skills and ability to challenge decisions of others
* Good negotiation skills with vendors, contractors and other suppliers
Technical / functional skills:
* Ability to develop and implement IT policies and governance
* Ability to run information security audits and test cyber resilience
* Profound knowledge of Information Security and Compliance standards (e.g. ISO 27001/2, GDPR, NIST, HIPAA, etc.)
* Strong knowledge and understanding of networking & infrastructure security, both on premise and in cloud (IaaS)
* Experience with Cyber Security incidents and response
* Ability to review technical architecture documentation for demand/project/change proposals to identify security-related risks or compliance concerns.
* Ability to conduct deep technical research into issues and products.
* Profound project management skills
* Strong Risk Management skills