Security Incident & Vulnerability Management Lead

• Being part of an international company yet with local presence
• Build a safer digital society together with us

The Security Incident & Vulnerability Management Lead’s mission and objective will be to establish, maintain and orchestrate the Security Incident & Vulnerability Management processes across an Orange Cyberdefense business unit.

The role will be responsible for Security Incident Management andVulnerability Management.

Strategic:

• Lead security incident and vulnerability management to enhance the value of the company and brand.
• Lead vulnerability management to enhance the value of the company and brand through continuous improvement of Orange Cyberdefense’s internal and external cyber rating.
• Manage the development and implementation of security policies, standards, instructions and guidelines in relation to the role.

Tactical:

• First line response for all security incidents
• Maintain relationships with local law enforcement and other related government agencies.
• Oversee internal incident response planning as well as the investigation of security breaches and assist with disciplinary and legal matters associated with such breaches as necessary.
• Assist departments at Orange Cyberdefense in compliance and conformity questions regarding security incident and vulnerability management.
• Participate in activities with counterparts at other companies within Orange Group (CERT).

People Management:

This role will provide direction and guidance to the Security Officers throughout the Orange Cyberdefense Group.

Information Security:

In common with all roles in OCD, this role must comply with the Information Security policies and procedures in place at the time, as specified.

• Lead information security incident management
• Lead vulnerability management.
• Lead activities related to internal and external cyber rating improvements

The Security Incident & Vulnerability Management Lead will need to possess the following desirable skills and experience:

• Information security management: CISM, masters degree or similar, or at least 2 years work experience including at least 1 year in the field; genuine hands-on experience with relevant approaches, standards, methods, frameworks in relation to this role.
• Business management: extensive real-world management experience involving contact with senior management, departmental/corporate management, budgeting, strategic planning, management reporting and metrics, legal and regulatory compliance, formulation and management of incident management, vulnerability management etc.
• Technical management: extensive real-world experience of at least 1 years working in technical IT roles such as: network management, server management, desktop management or application development etc.