Sr Specialist Cyber Security - IT North America
Position Summary
Under the supervision and guidance of the Product Group Manager, the Senior Cyber and Digital Security Specialist is responsible for establishing and maintaining security products, platforms and solutions designed to mitigate IS/IT risks across the company to ensure that information assets are adequately protected. S/He is responsible for the identification, evaluation and reporting of information security risks in a manner that meets compliance and regulatory requirements, aligning with and supporting the risk posture of the enterprise. The Senior Cyber and Digital Security Specialist requires strong skills and a working knowledge of information security technologies. S/He will proactively work with IS/IT and business units to implement practices that meet defined policies and standards for information security. Acting as a security business partner for the IS/IT Product Groups, s/he represents Security in various core team meetings. The Senior Cyber and Digital Security Specialist continuously researches and stays on top of emerging security threats, technologies and trends.
A day in the life of...
Key Outputs:
• Conducts systematic security assessments of Digital Solutions (Web Sites, Mobile and Social Media Applications, Cloud Solutions and associated infrastructure, etc.) to identify security risks
• Ensures new products, platforms and solutions are implemented "Secure & Compliant by Design"
• Develops, maintains and publishes up-to-date security policies, standards and guidelines, and oversees training and dissemination of security policies and practices
• Works directly with Product Managers, BRMs and IS/IT Customers to facilitate business IS/IT risk assessment and risk management processes, and works with stakeholders through the enterprise on identifying acceptable levels of residual risk
• Provides periodic reporting on the current status of the information security program to enterprise risk teams, senior business and IS/IT leaders – in collaboration with the Office of the CIO - as part of a strategic enterprise risk management program
• Facilitates a metrics and reporting framework in collaboration with the Office of the CIO to measure the efficiency and effectiveness of the program, promoting appropriate resource allocation, and increase the maturity of the security
• Defines and facilitates the information security risk assessment process, including the reporting and oversight of treatment efforts to address findings
• Creates a framework for roles and responsibilities with regard to information ownership, classification, accountability and protection
• Provides strategic risk guidance for IS/IT projects and product management, including the evaluation and recommendation of technical controls
• Liaises with the Enterprise Architecture team to ensure alignment between the security and enterprise architectures, thus coordinating the strategic planning implicit in these architectures
• Ensures that security programs are in compliance with relevant laws, regulations and policies to minimize or eliminate risk and audit findings
• Creates and manages a unified and flexible control framework to integrate and normalize the wide variety and ever-changing requirements resulting from global laws, standards and regulations
• Liaises among the information security team and corporate compliance, audit, legal and HR management teams as required
• Understands and interacts with related disciplines to ensure the consistent application of policies and standards across all product groups, technology projects and systems, including, but not limited to, privacy, risk management, compliance and business continuity management
• Works closely with Enterprise Architects, other functional area architects and other Security Specialists to ensure adequate security solutions are in place throughout all IS/IT products and platforms to mitigate identified risks sufficiently and to meet business objectives and regulatory requirements
• Develops the business, information and technical artifacts that constitute the enterprise information security architecture and solutions
Key internal relationships:
• Works with all products and has a higher involvement in those supporting the Digital strategy of the company
What will make you successful
• Degree in business administration or a technology-related field, or equivalent work- or education-related experience
• 5+ years of experience in a combination of risk management, information security and IS/IT jobs
• Employment history must demonstrate increasing levels of responsibility
• Successful experience in implementing cyber security with Digital teams and products (eCommerce or Industry 4.0)
• Proven track record and experience developing information security policies and procedures and successfully executing programs that meet objectives of excellence in a dynamic environment
• Experience with contract and vendor negotiations
• Experience in effective communication at different levels in the organisation and in English
• Preference to have worked in a global environment and with virtual teams
Nice to have:
- Solid experience in assessing and protecting digital properties (websites, mobile and e-commerce applications).
- Software development or application security testing experience, SecDevOps, OWASP Top 10 and other frameworks: including analyzing, architecting fixes for, and leading developers in remediating code-level vulnerabilities.
- Solid understanding of protection mechanisms for web and public-facing applications, and security architecture best practices and implementation (e.g. security protocols, cryptography, authentication, authorization)
- Experience determining security requirements by evaluating business strategies and requirements following a risk-based approach, describing the associated data flows and security controls needed, and interacting with a broad cross-section of personnel to explain and enforce security measures.
- Experience in designing secure architecture for eCommerce, payment and other consumer facing properties which are publicly exposed.
Ciudad de Mexico, MX, 11520