Information Security Officer

Job description

Information Security Officer

Main responsibilities:

Risk Management:

- Perform Risk assessments on : new projects, assets or Tools

- Manage Risk Register on compliance exemptions and risk acceptance (including expiry and renewal)

- Collaborate with the Security MSPs and the rest of security officers from other regions to deal with global emerging threats.

Compliance Management:

Support GRC global officer on specific tasks related but not limited to:

- Evidence collection and recording (MCS & Audits)

- Audit support

- Development and management of control processes

- Post Audit action tracking

Change and project support:

- Provide Security Reviews & Approvals on SNOW changes

- Security representation in zone CAB/E-CAB when required

- Security reviews of new demands and project charters

- Support/drive Security initiatives (Global or Regional)

Protect:

Security Operations

- Collaborate providing knowledge on managing, supporting and monitoring regular security relevant processes like: Patch Management, Backup & Restore, DR & BCP, Malware

- Follow up Globally Patch management process trying to improve the following areas:

Consolidation of asset scope sources (CMDB, manual lists, …)

Provide visibility to teams of the vulnerabilities detected

Homogenization of patching processes for all the zones

Ensuring completeness of vulnerability detection and patching activities

Detection of area for improvement

- Lead the Security operations related to the Network, this includes the following components: Firewall main configuration, IDS/IPS rules configuration, WAF default configuration and baseline, Proxy configuration and IoC lifecycle

Detect:

Security Operations

- Lead/Drive globally the vulnerability management process

- Coordinate Threat Hunting operations provided by a third party :

Providing necessary access to the external consultants

Provide access to the internal resources needed (hardware, software and contacts)

Coordination and deployment management of the needed agents

Register the necessary findings and ensure they are followed up and properly closed.

Respond:

Security Operations

- Work on Security Incident & Problem management

- Provide P1/Major Security Incident support

- Be involved on Forensic activities

Profile Required:

Education/qualifications normally required:

- Graduate degree in Business or Management; Bachelor's degree in Computer Science, Engineering, or a related discipline with an IT focus.

- Security certifications (CISM, CISA, ISO 27001, CISSP, CRISC, ITIL, CMMI, CompTIA Security+, NCSF, CHFI) would be an asset.

Specific work experience:

- Experience in IT Security and other operational/compliance IT roles

- Broad technical security knowledge of IT services, technology and IT solutions.

- Specific expertise in one or more of the following would be a plus:

Cloud Security → CCSP / GCSA

Network Security → CND / CCNP / CCNA Security / CEH

System/Infrastructure Security → CISSP / CISM / CISA

Industrial Technology (OT) Security → CDSE / GICSP / ISP / ISOC

- Extensive experience in delivering IT security projects, assessments and audits

- Practical experience of risk management

- Experience in implementing Policies and Procedures in compliance with Information Security Management System Standards (ISO 27000 series)

- Strong knowledge of regulatory requirements and security policies and standards

- Broad knowledge of IT services, Technologies and IT solutions

- Work experience in a related industry setting (cement, aggregate, ready-mix)

- Strong decision making skills and ability to challenge decisions of others

- Good negotiation skills with vendors, contractors and other suppliers

Technical / functional skills:

- Ability to develop and implement IT policies and governance

- Ability to run information security audits and test cyber resilience

- Profound knowledge of Information Security and Compliance standards (e.g. ISO 27001/2, GDPR, NIST, HIPAA, etc)

- Strong knowledge and understanding of networking & infrastructure security, both on premise and in cloud (IaaS)

- Experience with Cyber Security incidents and response

- Ability to review technical architecture documentation for demand/ project/ change proposals to identify security related risks or compliance concerns.

- Ability to conduct deep technical research into issues and products.

- Profound project management skills

- Strong Risk Management skills

Behavioral competencies:

- Ability to deal with difficult situations, unclear priorities and blocking stakeholders

- Ability to communicate openly and effectively with many diverse constituencies and stakeholders

- Ability to work decisively under heavy workload considering the criticality, urgency and extended work hours required to ensure the availability of the service in accordance to service level commitments

- Ability to manage multi-cultural and geographically diverse teams

- High willingness to drive transformation and service improvement

- Strong customer / end-user / client service orientation

- Highly self-motivated and directed

- Keen attention to detail

- Capability for problem solving, decision making, sound judgment, assertiveness

Leadership and managerial abilities:

- Strong relationship building and interpersonal skills

- Ability to lead and inspire teams across companies and cultural barriers

- Ability to champion new initiatives and technologies – Change Leader

Required Skill Profession

Other General