Extensive Experience: 5+ years of experience in Information Security and Information Technology, with a strong background in security architecture and strategy.
Advanced Communication Skills: Excellent ability to translate complex technical information into business-friendly language, facilitating clear communication with stakeholders.
Leadership and Collaboration: Proven ability to lead cross-functional teams, drive security initiatives, and collaborate effectively with a geographically and culturally diverse workforce.
Strategic Thinking: Strong strategic and analytical thinking skills, with the ability to develop and implement long-term security plans.
ITIL Expertise: Deep functional experience in ITIL processes, particularly in service management and service delivery.
Service Desk Proficiency: Proficiency in using Service Desk platforms (ServiceNow, SOC Module) to manage and track security incidents and changes.
Commitment to Excellence: A strong sense of professionalism, ethics, and a commitment to exceeding Service Level Objectives and Agreements.
Education and Certification: Bachelor’s degree in IT or a related field, or equivalent IT experience. Relevant certifications such as CISSP, CISM, or SABSA are highly desirable.
What You’ll Do
Design and Implement Security Architectures: Develop, implement, and maintain robust security architectures and frameworks that align with industry best practices and organizational policies.
Lead Security Initiatives: Drive the design and execution of security strategies, ensuring alignment with business objectives and regulatory requirements.
Review and Approve Firewall and Proxy Requests: With minimal supervision, review, evaluate, and approve firewall and proxy requests, ensuring adherence to the latest security standards and policies.
Risk Assessment and Mitigation: Conduct comprehensive assessments of business and technical requests, identifying potential risks and developing effective, pragmatic security mitigations or remediation plans.
Change and Incident Management: Represent the Global Information and Cyber Security (GICS) function in change and incident management processes, ensuring they conform to current security best practices and policies.
Senior Consultation: Serve as a senior consultant, providing expert advice and guidance on complex security issues. Collaborate with senior security analysts and engineers to resolve high-stakes incidents and change requests.
Policy and Procedure Development: Lead the development, enhancement, and enforcement of security policies, procedures, and standards.
Compliance and Audits: Utilize advanced tools and procedures to verify compliance of IT infrastructure and applications with security policies. Guide system administrators in achieving compliance.
Impact Analysis: Assess and articulate the impact of IT assets on security requests, making informed approval decisions, and involving senior team members when necessary.
Vulnerability Management: Oversee the vulnerability remediation program, ensuring timely and effective resolution of identified vulnerabilities. Coordinate with various teams to address and remediate vulnerabilities in GICS-owned assets and tools.
Metrics and Reporting: Monitor and analyze metrics and performance indicators for the vulnerability remediation program, providing regular reports to management and stakeholders.
Innovation and Improvement: Continuously explore and implement innovative security solutions and improvements to existing processes and systems.
Add Skills:
Cloud Security Expertise: Experience with securing cloud environments and architectures.
Threat Modeling: Proficiency in threat modeling and risk assessment methodologies.
Security Frameworks: In-depth knowledge of security frameworks such as NIST, ISO 27001, and CIS Controls.
Innovative Solutions: Ability to identify and implement innovative security solutions and technologies.