IT Security Control & Policy Expert
Your day to day:
This role will drive and ensure full compliance with security controls and policies for the complete scope of the organization, and act as a security point of contact in managing cyber security risk in line with policies and risk tolerance.
This role will ensure that all requirements are met to reach full compliance with the Cyber Security Baseline (CSB) / CARM (Cyber Adaptive Risk Method), PCI-DSS (Payment Card Industry Data Security Standard), ISO27001 (the international standard for information security management systems, ISMS) and ISO22301 (the international standard for business continuity management systems, BCMS), as well as supporting Group internal or external audits as the focal point of contact inside the organization.
The IT Security Control & Policy Expert will participate in audit preparations, control reviews and documentation reviews, develop improvement plans, track remediation actions, and maintain overall Vodafone compliance.
The role will provide guidance on process policies, standards and controls to comply with internal audit and external regulatory and legislative requirements. In this role the IT Security Control & Policy Expert will ensure the overarching technical implementation and fulfilment of all security-related controls and policies.
This role will closely interact with Group Cyber Security functions and with infrastructure and application operations teams, working with IT teams to implement and maintain the security controls and technologies that protect cardholder data, including encryption, access controls, network segmentation, vulnerability management, remote access configurations, EDR, etc., for the controls of specific frameworks.
The IT Security Control & Policy Expert should be able to engage in technical conversations on Data Centre, Network and Application components with system and service owners, report potential security risks or gaps to management, highlight possible and existing control and compliance issues, and develop and implement action plans for addressing them within the given compliance milestones.
With these activities you will have a great impact on our business:
Security Compliance:
- Implement, maintain & monitor internal policies and standards in accordance with the agreed standards.
- Drive and ensure full compliance with security controls and policies for the complete scope of the organization. Support periodic process reviews and perform audits, with the aim of identifying and suggesting actions to improve security controls and policies.
- Facilitate discussions across different departments and leverage both internal expertise and external best practices.
- Interface with the internal and external auditors and relevant stakeholders.
- Review security documents (Detailed Requirements, T2/T3 level documents) and ensure proper alignment and collection of requirements from impacted stakeholders.
- Agree on corrective actions to close identified gaps and track them to completion.
- Continuously improve maturity and scores on controls and policies.
Consultancy:
- Provide expertise and guidance for the implementation of compliance and policy requirements, in line with the recommendations of international standards (e.g. ISO27001, ISO22301, PCI-DSS, CSB).
- Collaborate with Group Security and IT-Services departments on process management related projects; provide information and examples about our processes and process management system.
- Perform regular awareness sessions on security/hygiene/golden rules (e.g. ISO27001, CSB, PCI-DSS).
- Stay abreast of changes in the used international standards, regulations, and industry best practices, and assess their impact on the organization's compliance efforts.
- Build strong relationships with senior leaders and stakeholders to understand and map out business priorities and how security engagement can be effectively managed to deliver secure by design solutions.
- Provide consultancy and technical assurance for the product portfolio, with specific responsibility for ensuring that Cyber policies and standards are in place and effective and that technical security architecture follows best practice, and identify technical control improvements that positively uplift the security posture of the organization.
- Deliver technical and non-technical control assessments of the organization’s products and solutions.
With these skills you are a great candidate:
- At least 5 years’ experience in a security standards & compliance environment
- In-depth knowledge and experience of security standards and compliance/audits (e.g. ISO27001, ISO22301, PCI-DSS).
- Industry-standard premium qualifications such as ITIL v4 Expert, ISO/IEC 27001 Lead Auditor, CISM, CISSP, ISO/IEC 20000 Consultant, CBCI, PCI-DSS.
- Practical experience of designing, implementing and operating security controls in an IT and global operating environment.
- Ability to work independently, prioritize tasks, and manage multiple projects simultaneously.
- Excellent communication and interpersonal skills, with the ability to collaborate effectively with cross-functional teams.
- Strong analytical skills
Sounds like the perfect job? We’ve got even more to offer:
- Work from Home – hybrid approach
- Medical and dental services
- Life and hospitalization insurance
- Dedicated employee phone subscription
- Special discounts for gyms and retailers
- Annual Company Bonus
- Ongoing Education – we continuously invest in you to ensure you have everything needed to excel on the job and enhance your skills
- You get to work with tried and trusted web technology
- Getting in on the ground floor of a technology changing company
- Flexible Vacation – Take time off when you need it, we trust you
- Special Paternal Program - 4 months of paid paternity leave
We recognize and celebrate the importance of diversity and inclusivity in our workplace so that we are as diverse as the customers and communities we serve. We do not tolerate any form of discrimination, including but not limited to discrimination related to race, colour, age, veteran status, gender identification, sexual orientation, pregnancy, ethnicity, disability, religion, political affiliation, trade union membership, nationality, indigenous status, medical condition, HIV status, social origin, cultural background, or social or marital status.
Worried that you don’t meet all the desired criteria exactly? We are passionate about Inclusion for All and creating a workplace where everyone can thrive, whatever their personal or professional background. So, if you’re excited about this role but your experience doesn’t align exactly with every part of the job advert, we encourage you to apply as you may be just the right candidate for this role or another role, and our recruitment team can help see how your skills fit in.
#_VOIS