TQUKE0595_4382 - IT Security Officer - Cybersecurity Center (CSC)

The IT Security Officer - Cybersecurity Center (CSC) helps deliver on the vision of Global IT Security Management and is accountable for delivering effective & scalable detection and response capabilities within Client’s security strategy. The role will work to improve the IT Security posture of Client and reduce identified cybersecurity risks by working as part of a global team, and in close alignment with regional security teams. The overall target for this position includes:


● Collaborate in the strategy and lead the execution to deliver world-class Cybersecurity Center services at scale, leveraging, but not limited to, the following indicative detection and response services:

o SIEM / Managed Detection and Response (MDR)

o Threat Hunting

o Incident Response / Crisis Management

o Cyber Threat Intelligence

o Endpoint protection / Endpoint Detection and Response (EDR)

o Red Teaming

● Responsible for management, oversight and cultivation of continuous improvement activities for vendor operations working closely with vendor counterparts; ensuring any deviations from agreed service levels are effectively remediated.

● Coordinate and align IT security relevant priorities within the CSC scope across multiple internal and external teams.

● Orchestrating internal and external multi-functional stakeholders to define, validate and refine CSC vision, strategy, definitions and roadmaps.

● Partner with executives and peers across the company to deliver shared outcomes that measurably improve efficacy and efficiency to detect, recover and respond to vulnerabilities and threats; and

● Foster a corporate culture of compliance and security awareness and reinforce cultural changes through employee engagement, training and motivation to underpin all business activities.


MAIN ACTIVITIES / RESPONSIBILITIES

● Ensure CSC tools and services are effectively utilized and operated, identify gaps in process or procedures and implement new solutions accordingly.

● Ensure incident identification, assessment, reporting, communication, mitigation and monitoring.

● Establish operational foundations, defining and tracking SLAs, metrics, and KPIs to drive governance, quality, and efficiency.

● Creation of reports, dashboards, metrics for CSC and regular reporting to Senior Leadership and other technical and non-technical stakeholders.

● Drive the continuous integration of standard and non-standard log sources in security monitoring and detection tools to achieve excellence in detection and response.

● Lead the definition and development of use cases, playbooks, policies and custom tooling to continuously improve Client’s security maturity.

● Develop and enhance incident response processes, to detect and effectively respond to information security events and incidents.

● Influence and mature CSC processes through innovation and operational change.

● Ensure detection, escalation and response services are available 24/7. As security incidents may occur at all hours and across geographies, this role will be part of the cross-functional team responsible for driving urgent security response in crisis scenarios.

● Work effectively as part of a geographically distributed organization to run a high performing global detection and response service coordinating the different teams and service providers involved.

● Stay abreast of industry trends and changing threat landscape and review technologies/services and make recommendations.


JOB DIMENSIONS

Key figures: Global reach across 70 countries and 70,000 employees.

Key interfaces, stakeholder and relationships:

Internal: Regional Digital Centers, Security Operations Center, Global Infrastructure and Operations teams, application support teams, Group Internal Control, Group Internal Audit and Project Managers. Dotted line reporting to Global IT Security for CSC strategic alignment.

External: Consulting Companies; Service Providers.


PROFILE REQUIRED

Level of education/qualifications normally required:

● Graduate degree in Business or Management; Bachelor’s degree in Computer Science, Engineering, or related discipline with an IT focus.

● Certifications: (CISSP, OSCP, Certified Ethical Hacker (C|EH), GIAC, CREST, CISA) would be an asset.

Specific work experience:

● 5+ years of experience in IT Security.

● Experience working in a global environment and with virtual teams.

● Demonstrable experience performing a senior role in a SOC environment or similar, with a focus on cyber security incident detection, response and resolution. Experience leading major security incidents in complex organizations would be a plus.

● Broad technical security knowledge of IT services, technology and IT solutions. Specific experience in one or more of the following:

o Cloud Security

o Network Security

o System/Infrastructure Security

o Industrial Control Technology (ICT/OT) Security

● Strong understanding of security operations, engineering and toolsets used for detection and response, including threat intelligence, SIEM, SOAR and other technologies/platforms; with focus in process automation.

● Technology advocate and proficient in project / service management concepts and common tools.

● Confidence in owning a relationship with multiple third parties.


Technical/functional skills:

● Knowledge of modern attacker tactics, techniques, and procedures, and great awareness of cybersecurity trends.

● Ability to drive innovative ways to detect vulnerabilities and exploit activity, and neutralize them through advanced technological countermeasures.

● Experience in creating BAU runbooks, use-case definitions and operating procedures.

● Experience in the use of security frameworks and methodologies such as MITRE ATT&CK, MaGMa, TaHiTI or NIST.

● Experience with managing threats associated with cloud platforms (AWS, Google) and artifacts (code, containers, hardware devices, infrastructure).

● Deep knowledge in application and infrastructure security, as well as security fundamentals (IAM, Data Protection, PKI, Network Security).

● Strong attention to detail with an analytical mind and outstanding problem-solving skills, especially in performing tasks such as log analysis.

● Ability to conduct deep technical research into issues and products.

● Strong reporting, dashboarding and communication skills; ability to write or present actionable intelligence derived from raw data for IT and Non-IT stakeholders.

● Expertise across a number of the following areas/tools: Google scripting, ServiceNow, JIRA, Splunk, QRadar, Kali Linux, NMAP, Burp, Reverse engineering, Digital Forensics.


Behavioral competencies:

● Ability to deal with difficult situations, unclear priorities and blocking stakeholders.

● Ability to communicate openly and effectively with many diverse constituencies and stakeholders.

● Ability to work decisively under heavy workload.

● Cultural sensitivity and social flexibility in a global corporate environment.

● High willingness to drive transformation and service improvement.

● Strong customer / end-user / client service orientation.

● Highly self-motivated and directed.

● Keen attention to detail.

● Capability for problem solving, decision making, sound judgment, assertiveness.

Leadership and managerial abilities:

● Strong relationship building and interpersonal skills.

● Ability to champion new initiatives and technologies – “Change Leader”.


Linguistic skills:

● Excellent English (written & spoken) - other languages are a plus.


Mobility requirements:

● Travel: ~5% (estimate).
