Apply now »

Head of Cyber & Information Security

Aggregate function:  Technology
Business Area:  GT Global Cyber Security
Posting Country:  Romania
Date Posted:  17 Oct 2024
Full Time / Part Time:  Full Time
Contract Type:  Permanent

At Vodafone, we’re working hard to build a better future. A more connected, inclusive and sustainable world. As a dynamic global community, it's our human spirit, together with technology, that empowers us to achieve this. 

We challenge and innovate in order to connect people, businesses, and communities across the world. Delighting our customers and earning their loyalty drive us, and we experiment, learn fast and get it done, together.

With us, you can be truly be yourself and belong, share inspiration, embrace new opportunities, thrive, and make a real difference.

What you'll do

The Head of Cyber & Information Security (Romania) is responsible to oversee all cyber security operations within the country and its associated operating companies, which also includes the company’s subsidiaries, acquisitions, and secondary brands. 
As a priority, the Head of Cyber Security must ensure that all Vodafone products and services launched undergo proper Secure by Design processes, by maintaining a proper Risk Management and Compliance across the company. 
Such responsibility also includes adequate oversight of supplier risk management, and leading the collaboration in the deployment of new security tools as requested in the global strategy, and in the response to cyber incidents affecting their local market 
Last but not least, as the Head of Cyber Security for Romania will serve as the primary contact for national cyber security government agencies, the person occupying such position may need to possess/obtain appropriate security clearance.

Strategic Leadership:

• Identify opportunities for the development of Vodafone's business by participating in the selection procedures organized for the award of contracts for the specific platforms and services necessary for the implementation of the government private cloud
• Develops cybersecurity systems and facilitates the increase of the resilience and cybersecurity of Vodafone's infrastructure services; 
• Uses the cybersecurity resources and skills necessary for the implementation of projects within the government private cloud in order to expand the capabilities in the field and develop specific projects in the field of cybersecurity;
• Develop and execute a comprehensive cybersecurity strategy aligned with the company's business objectives. 
• Provide visionary leadership on security-related matters, staying abreast of industry trends and emerging threats. 
• Influence strategic decisions regarding the cyber security baseline and engages with local authorities to support the achievement of the technology strategy, operating model, and plan.
• Provide comprehensive interpretations/understandings of his professional field to the interested business stakeholders.
• Support the negotiations at the level of Vodafone in accordance with its seniority level, representing the centre of excellence on cyber security engineering that co-creates, promotes and enables a code of best practice at the level of cyber-defence in Vodafone Romania.

Risk Management:

• Assess and prioritize security risks, ensuring that potential vulnerabilities are identified and addressed promptly. 
• Strong background in cyber security operations, risks and controls identification and assessment
• Collaborate with cross-functional teams to implement risk mitigation strategies and contingency plans. 

Security Architecture:

• Design and implement robust security architectures for payment systems, ensuring the confidentiality, integrity, and availability of sensitive information. 
• Evaluate and recommend security technologies, tools, and processes to enhance the organization's security posture. 
• Utilize sophisticated analytical thinking to guide and support the technical operations of cyber security platforms throughout their entire lifecycles.
• Proactively detect, identify and respond to security risks and vulnerabilities by implementing an effective response plan and maintaining a consistent approach throughout the security platform lifecycle.
• Deliver cyber-security improvements and projects in the market, ensuring the effectiveness of control processes and develop future security capability plans with key partners/vendors.

Incident Response and Forensics:

• Develop and maintain incident response plans to address security incidents promptly and efficiently. 
• Conduct forensic investigations in the event of a security breach, ensuring thorough analysis and documentation. 
• Notify cybersecurity incidents and/or create cybersecurity incident response teams

Compliance and Standards:

• Ensure compliance with industry regulations, standards, and best practices related to payment security. 
• Collaborate with internal and external auditors to conduct security assessments and address findings. 
• Obtain and continuously maintain operational excellence on the local market, achieving and maintaining ISO27001 standard for the local operations and data centres, where deemed appropriate.

Team Management:

• Lead and mentor a high-performing team of security professionals in a global organization. 
• Foster a culture of security awareness and education across the organization. Prove constant focus both on self-professional development and in the evolution of his/her team, by cultivating people’s strengths and supporting their growth, in line with their individual potential and with the strategy of the company.

Who you are

• 8+ years in an Information Security role. 
• Proven track record in leading Information Security teams and comfortable with senior stakeholder engagement. 
• Hands-on experience in Information Security roles in financially regulated organizations.
• Strong understanding of security architecture, network security, cryptography, and access control. 
• Excellent leadership and communication skills, with the ability to articulate complex security concepts to non-technical stakeholders. Strong communication and leadership skills are also necessary with a view to lead, inspire and motivate the teams to achieve the desired outcome, acting as a role model to support the organizational/ cultural changes. 
• Demonstrated experience in incident response, threat intelligence, and security operations. 
• Proficiency in assessing security controls for systems and processes using a range of testing and assurance techniques (inquiry, process review, technical testing, data analysis, compliance review). Can provide recommendations to remediate gaps found and provide input into the risk management process.
• Strong management skills, proving the ability to quickly and efficiently identify opportunities, tackle serious challenges, by grasping the root causes leading thereto, in order to make informed decisions to deliver business requirements.
• Capability to assess, lead, learn from and adjust to changes and evolving demands, in various scenarios.
• Bachelor's or advanced degree in Cybersecurity, Information Technology, or a related field. 
• Capability to comprehend telecommunications infrastructure and technology to apply security control requirements, ensuring proper design, implementation, and operation.
• Proficiency in developing and implementing a standardized risk management approach across the organization, providing guidance on risk management policies and operational guidelines. Ability to lead and oversee risk identification, assessment, response, and reporting processes.
• Ability to oversee all aspects related to Information and Cyber Security, including budgeting, planning, implementation, testing and reporting, while recommending the necessary remediation measures to ensure system, service and information integrity and continuity. Applies secure-by-design principle in the development, construction and testing of solutions, products and services, for both Vodafone use and external customers.
• Positive and proactive attitude, demonstrating the ability to find solutions and adapt to various situations with eagerness, tenaciousness and determination.
• Capability to apply the knowledge of the external environment, including customers, partners, competitors and external bodies, to rapidly identify and capitalize on growth opportunities.
• Ability to implement and lead the execution of a strategic plan to achieve organizational goals, establishing daily structures, systems, and operational objectives that position the teams for success.
• Experience in international organizations is a plus.

Technical/professional certifications:
- Mandatory to hold the COBIT® - Control Objectives for Information and related Technology certification, and, additionally, at least three Certifications of the following:
- CISA (Certified Information Systems Auditor);
- CISSP (Certified Information Systems Security Professional);
- CISM (Certified Information Security Manager);
- CRISC (Certified in Risk and Information Systems Control);
- CDPSE (Certified Data Privacy);
- CCISO (Chief Information Security Officer Certification)
- GIAC (Security Leadership, GSLC);
- CEH Certified Ethical Hacker;

Not a perfect fit?

Worried that you don’t meet all the desired criteria exactly? At Vodafone we are passionate about Inclusion for All and creating a workplace where everyone can thrive, whatever their personal or professional background. If you’re excited about this role but your experience doesn’t align exactly with every part of the job description, we encourage you to apply as you may be the right candidate for this role or another role, and our recruitment team can help you see how your skills fit in.

What's in it for you

• A hybrid working regime: 2 days at the office, 3 remote days
• Unlimited subscription (voice and data) for your phone & voucher for a phone
• Special discounts on Vodafone products and Friends & Family offers
• Medical, life and surgical insurance
• An insurance plan and additional medical packages for you and your family
• Meal vouchers for shopping or a fun lunch with colleagues at the office
• Bookster subscription for unlimited reading
• Preferential rates at the gym
• Professional development and leadership programs
• Internal Wellbeing & Recognition events
• Extra vacation days for special events

Who we are

You may have already heard of Vodafone - We're a leading Telecommunications company in Europe and Africa. But what you might not know is that we are continuously investing in new technologies to improve the lives of millions of customers, businesses and people around the world, creating a better future for everyone.

As part of our global family, whether that's Vodafone, Vodacom or _VOIS, you'll feel a sense of pride and purpose as you contribute to our culture of innovation. We pursue equality of opportunity and inclusion for all candidates through our employment policies and practices. We recognise and celebrate the importance of diversity and inclusivity in our workspace and we do not tolerate any form of discrimination especially related to but not limited to race, colour, age, veteran status, gender identification, sexual orientation, pregnancy, ethnicity, disability, religion, political affiliation, trade union membership, nationality, indigenous status, medical condition, HIV status, social origin, cultural background, social, or marital status.

Together we can.

Vodafone is committed to attracting, developing and retaining the very best people by offering a motivating and inclusive workplace in which talent is truly recognised and rewarded. We are committed to promoting Inclusion for All with the belief that diversity plays an important role in the success of our business. We actively encourage everyone to consider becoming a part of our journey.

Apply now »