Senior Information Technology Security Officer

Pyramid Consulting, Inc

Madrid

On-site

EUR 50.000 - 75.000

Full-time

13 days ago

Job summary

A leading company seeks a Security Officer for Infrastructure & Operations to oversee compliance and security standards across global IT infrastructures. The role involves risk management, collaboration on global security initiatives, and ensuring adherence to regulatory standards while managing security operations. Ideal candidates hold relevant degrees and possess extensive IT security experience, along with noteworthy certifications.

Qualifications

  • 10+ years of experience in IT Security and compliance roles.
  • Security certifications like CISM, CISA or CISSP are advantageous.
  • Strong knowledge of ISO 27001 and cyber resilience.

Responsibilities

  • Perform risk assessments and manage risk register.
  • Support GRC industry standards compliance and audits.
  • Lead security operations for network and vulnerability management.

Skills

Risk management
Negotiation
Technical architecture review
Project management

Education

Bachelor's degree in Computer Science
Graduate degree in Business or Management

Job description

The Security Officer for Infrastructure & Operations helps deliver on the vision of I&O Security Management and is accountable for information security and compliance within the Global Infrastructure & Operations (GIO) scope. The role will assist in the development of long-term security strategies and manage their execution to ensure that IT services and functions meet all mandated security standards and policies and that security risks are effectively assessed and controlled.

Main responsibilities

  • Perform risk assessments on new projects, assets or tools
  • Manage the risk register of compliance exemptions and risk acceptances (including expiry and renewal)
  • Collaborate with the security MSPs and the security officers from other regions to deal with global emerging threats

Compliance management

  • Support the GRC global officer on specific tasks related, but not limited, to:
      • Evidence collection and recording (MCS & Audits)
      • Audit support
      • Development and management of control processes
      • Post-audit action tracking

Change and project support

  • Provide security reviews and approvals on SNOW changes
  • Security representation in zone CAB / E-CAB when required
  • Security reviews of new demands and project charters:
      • I&O projects (Global or Regional)
      • IITSC projects (with I&O components)
  • Support / drive security initiatives (Global or Regional)

Security Operations

  • Collaborate by providing knowledge on managing, supporting and monitoring regular security-relevant processes such as:
      • Patch Management
      • Backup & Restore
      • DR & BCP
      • Malware
  • Follow up on the global patch management process, aiming to improve the following areas:
      • Consolidation of asset scope sources (CMDB, manual lists, …)
      • Providing teams with visibility of the vulnerabilities detected
      • Homogenization of patching processes across all zones
      • Ensuring completeness of vulnerability detection and patching activities
      • Detection of areas for improvement
  • Lead the security operations related to the network, which include the following components:
      • Firewall main configuration
      • IDS / IPS rules configuration
      • WAF default configuration and baseline
      • Proxy configuration
      • IoC lifecycle
  • Lead / drive the vulnerability management process globally
  • Coordinate threat hunting operations provided by a third party:
      • Provide the necessary access to the external consultants
      • Provide access to the internal resources needed (hardware, software and contacts)
      • Coordinate and manage the deployment of the needed agents
      • Register the necessary findings and ensure they are followed up and properly closed
  • Work on Security Incident & Problem management
  • Provide P1 / Major Security Incident support
  • Be involved in forensic activities

PROFILE REQUIRED

Level of education / qualifications normally required:

  • Graduate degree in Business or Management; Bachelor’s degree in Computer Science, Engineering, or a related discipline with an IT focus.
  • Security certifications (CISM, CISA, ISO 27001, CISSP, CRISC, ITIL, CMMI, CompTIA Security+, NCSF, CHFI) would be an asset.

Specific work experience:

  • 10+ years of experience in IT Security and other operational / compliance IT roles
  • Broad technical security knowledge of IT services, technology and IT solutions.
  • Specific expertise in one or more of the following would be a plus:
      • Cloud Security → CCSP / GCSA
      • Industrial Technology (OT) Security → CDSE / GICSP / ISP / ISOC
  • Extensive experience in delivering IT security projects, assessments and audits
  • Practical experience of risk management
  • Experience in implementing Policies and Procedures in compliance with Information Security Management System Standards (ISO 27000 series)
  • Strong knowledge of regulatory requirements and security policies and standards
  • Broad knowledge of IT services, Technologies and IT solutions
  • Work experience in a related industry setting (cement, aggregate, ready-mix)
  • Strong decision-making skills and ability to challenge decisions of others
  • Good negotiation skills with vendors, contractors and other suppliers

Technical / functional skills:

  • Ability to develop and implement IT policies and governance
  • Ability to run information security audits and test cyber resilience
  • Profound knowledge of Information Security and Compliance standards (e.g. ISO 27001 / 2, GDPR, NIST, HIPAA, etc.)
  • Strong knowledge and understanding of networking & infrastructure security, both on-premises and in cloud (IaaS)
  • Experience with Cyber Security incidents and response
  • Ability to review technical architecture documentation for demand / project / change proposals to identify security-related risks or compliance concerns.
  • Ability to conduct deep technical research into issues and products.
  • Profound project management skills