IT Security Officer I&O

Date: Jun 17, 2025

Location: MADRID, ES, 28037

Company: HOLCIM Group

DESCRIPTION

The Security Officer for Infrastructure & Operations helps deliver on the vision of I&O Security Management and is accountable for information security and compliance within the Global Infrastructure & Operations (GIO) scope. The role will assist in the development of long-term security strategies and manage their execution to ensure that IT services and functions meet all mandated security standards & policies and that security risks are effectively assessed & controlled.

The overall target for this position includes:

  • Assessing and managing risks, vulnerabilities, threats and compliance within the GIO scope
  • Coordinating and aligning security-relevant priorities across multiple internal and external teams
  • Planning and coordinating security-relevant requirements such as vulnerability assessments and control testing
  • Supporting and consulting on security components from technical architecture & process design
  • Implementing and sustaining the Group Standard Information Security Framework
  • Helping foster a culture of compliance and security awareness
  • Managing IT Internal Controls (ITIC) for the global infrastructure scope in coordination with the GIO zone operation teams and relevant IT Security teams in the region
  • Developing, using and continuously improving a formal set of processes by which the organization can identify various security concerns, gaps and remedial actions to ensure the appropriate IT Security resilience of the infrastructure

RESPONSIBILITIES

  • Ensuring that compliance is measured, reported and implemented across the I&O scope, including:
    • Information security standards and procedures
    • Information security regulatory compliance
    • Certification standards and requirements
  • Establishing constant vigilance over critical information assets together with Global and Group (Corporate) Application Security
  • Managing security risks and threats associated with information assets
  • Providing risk management advice
  • Supporting IT Internal Controls (MCS - Minimal Control Standards) compliance and issue management across both internal and external teams within the GIO scope.
  • Collaborating with the leadership and other stakeholders to raise awareness of security risks, influence behaviors and make security an inherent part of the culture
  • Preparing the basis for security-relevant management decisions
  • Providing information security support for projects and enquiries from other functions/stakeholders

POSITION REQUIREMENTS

Level of education/qualifications normally required:

  • Graduate degree in Business or Management; Bachelor’s degree in Computer Science, Engineering, or a related discipline with an IT focus.
  • Security certifications (CISM, CISA, ISO 27001, CISSP, CRISC, ITIL, CMMI, CompTIA Security+, NCSF, CHFI) would be an asset.

Specific work experience:

  • 10+ years of experience in IT Security and other operational/compliance IT roles
  • Broad technical security knowledge of IT services, technology and IT solutions
  • Specific expertise in one or more of the following would be a plus:
    • Cloud Security → CCSP / GCSA
    • Network Security → CND / CCNP / CCNA Security / CEH
    • System/Infrastructure Security → CISSP / CISM / CISA
    • Industrial Technology (OT) Security → CDSE / GICSP / ISP / ISOC
  • Extensive experience in delivering IT security projects, assessments and audits
  • Practical experience of risk management
  • Experience in implementing Policies and Procedures in compliance with Information Security Management System Standards (ISO 27000 series)
  • Strong knowledge of regulatory requirements and security policies and standards
  • Broad knowledge of IT services, Technologies and IT solutions
  • Work experience in a related industry setting (cement, aggregate, ready-mix)
  • Strong decision-making skills and ability to challenge decisions of others
  • Good negotiation skills with vendors, contractors and other suppliers

Technical / functional skills:

  • Ability to develop and implement IT policies and governance
  • Ability to run information security audits and test cyber resilience
  • Profound knowledge of Information Security and Compliance standards (e.g. ISO 27001/2, GDPR, NIST, HIPAA, etc.)
  • Strong knowledge and understanding of networking & infrastructure security, both on premise and in cloud (IaaS)
  • Experience with Cyber Security incidents and response
  • Ability to review technical architecture documentation for demand/project/change proposals to identify security-related risks or compliance concerns
  • Ability to conduct deep technical research into issues and products
  • Profound project management skills
  • Strong Risk Management skills

Behavioral competencies:

  • Ability to deal with difficult situations, unclear priorities and blocking stakeholders
  • Ability to communicate openly and effectively with many diverse constituencies and stakeholders
  • Ability to work decisively under heavy workload considering the criticality, urgency and extended work hours required to ensure the availability of the service in accordance with service level commitments
  • Ability to manage multi-cultural and geographically diverse teams
  • High willingness to drive transformation and service improvement
  • Strong customer / end-user / client service orientation
  • Highly self-motivated and directed
  • Keen attention to detail
  • Capability for problem solving, decision making, sound judgment, assertiveness

Leadership and managerial abilities:

  • Strong relationship building and interpersonal skills
  • Ability to lead and inspire teams across companies and cultural barriers
  • Ability to champion new initiatives and technologies – “Change Leader”

Linguistic skills:

  • Excellent English (written & spoken) – other languages are a plus