IT Security Control & Policy Expert

Aggregate function: Shared Services
Business Area: Technology _VOIS
Posting Country: Romania
Date Posted: 17 Apr 2024
Full Time / Part Time: Full Time
Contract Type: Permanent

At Vodafone, we’re working hard to build a better future. A more connected, inclusive and sustainable world. As a dynamic global community, it's our human spirit, together with technology, that empowers us to achieve this. 

We challenge and innovate in order to connect people, businesses, and communities across the world. Delighting our customers and earning their loyalty drive us, and we experiment, learn fast and get it done, together.

With us, you can truly be yourself and belong, share inspiration, embrace new opportunities, thrive, and make a real difference.

Your day to day:

This role will drive and ensure full compliance with security controls and policies for the complete scope of the organization and act as a security point of contact in managing Cyber Security Risk in line with policies and tolerance.

This role will ensure that all requirements are met to reach full Cyber Security Baseline (CSB)/CARM (Cyber Adaptive Risk Method), PCI-DSS (Payment Card Industry Data Security Standard), ISO27001 (international standard for Information Security Management Systems (ISMS)) and ISO22301 (international standard for Business Continuity Management Systems (BCMS)) compliance, as well as support during Group internal or external audits as focal point of contact inside the organization.

The IT Security Control & Policy Expert will participate in audit preparations, control reviews and documentation review, and also develop improvement plans, track the remediation actions, and maintain overall Vodafone compliance.

The role will provide guidance on process policies, standards and controls to comply with internal audit and external regulatory and legislation requirements. In this role the IT Security Control & Policy Expert will ensure the over-arching technical implementation and fulfillment of all security related controls and policies.

This role will closely interact with Group Cyber Security functions, infrastructure and application operations teams. Work with IT teams to implement and maintain security controls and technologies to protect cardholder data, including encryption, access controls, network segmentation, vulnerability management, remote access configurations, EDR, etc., for specific framework controls.

The IT Security Control & Policy Expert should be able to engage in technical conversations on Data Centre, Network, Application components with system & service owners to report potential security risks or gaps to the management, highlighting possible and existing control & compliance issues and eventually developing and implementing action plans for addressing them within given compliance milestones.

With these activities you will have a great impact on our business:

Security Compliance:

  • Implement, maintain & monitor internal policies and standards in accordance with the agreed standards.
  • Drive and ensure full compliance with security controls and policies for the complete scope of the organization. Support periodic process reviews and perform audits, with the aim of identifying and suggesting actions to improve security controls and policies.
  • Facilitate discussions across different departments and leverage both internal expertise and external best practices.
  • Interface with the internal and external auditors and relevant stakeholders.
  • Review security documents (Detailed Requirements, T2/T3 level documents) and ensure proper alignment and collection of requirements from impacted stakeholders.
  • Agree on corrective actions to close identified gaps and track them to completion.
  • Continuously improve maturity and scores on controls and policies

Consultancy:

  • Provide expertise and guidance for the implementation of compliance and policy requirements, also in line with international standards’ recommendations (e.g. ISO27001, ISO22301, PCI-DSS, CSB)
  • Collaborate with Group Security and IT-Services departments on process management related projects; provide information and examples about our processes and process management system.
  • Perform regular awareness sessions on security/hygiene/golden rules (e.g. ISO27001, CSB, PCI-DSS).
  • Stay abreast of changes in the used international standards, regulations, and industry best practices, and assess their impact on the organization's compliance efforts.
  • Build strong relationships with senior leaders and stakeholders to understand and map out business priorities and how security engagement can be effectively managed to deliver secure by design solutions.
  • Provide consultancy and technical assurance for the product portfolio, with specific responsibility to ensure that Cyber policies and standards, and also technical security architectural best practice, are in place and effective, and be able to identify technical control improvements to positively uplift the security posture of the organization.
  • Deliver technical and non-technical control assessments of the organization’s products and solutions.

With these skills you are a great candidate:

  • At least 5 years’ experience in a security standards & compliance environment
  • In-depth knowledge and experience of security standards and compliance/audits (e.g. ISO27001, ISO22301, PCI-DSS)
  • Industry-standard premium qualifications like ITIL v4 Expert, ISO/IEC 27001 Lead Auditor, CISM, CISSP, ISO/IEC 20000 Consultant, CBCI, PCI-DSS
  • Practical experience of designing, implementing and operating security controls in an IT and global operating environment.
  • Ability to work independently, prioritize tasks, and manage multiple projects simultaneously.
  • Excellent communication and interpersonal skills, with the ability to collaborate effectively with cross-functional teams.
  • Strong analytical skills

Sounds like the perfect job? We’ve got even more to offer:

  • Work from Home – hybrid approach
  • Medical and dental services
  • Life and hospitalization insurance
  • Dedicated employee phone subscription
  • Special discounts for gyms and retailers
  • Annual Company Bonus
  • Ongoing Education – we continuously invest in you to ensure you have everything needed to excel on the job and enhance your skills 
  • You get to work with tried and trusted web-technology
  • Getting in on the ground floor of a technology changing company
  • Flexible Vacation – Take time off when you need it, we trust you 
  • Special Paternal Program - 4 months of paid paternity leave

We recognize and celebrate the importance of diversity and inclusivity in our workplace so that we are as diverse as the customers and communities we serve. We do not tolerate any form of discrimination especially related to but not limited to race, colour, age, veteran status, gender identification, sexual orientation, pregnancy, ethnicity, disability, religion, political affiliation, trade union membership, nationality, indigenous status, medical condition, HIV status, social origin, cultural background, social or marital status.

Worried that you don’t meet all the desired criteria exactly? We are passionate about Inclusion for All and creating a workplace where everyone can thrive, whatever their personal or professional background. So, if you’re excited about this role but your experience doesn’t align exactly with every part of the job advert, we encourage you to apply as you may be just the right candidate for this role or another role, and our recruitment team can help see how your skills fit in.

Vodafone is committed to attracting, developing and retaining the very best people by offering a motivating and inclusive workplace in which talent is truly recognised and rewarded. We are committed to promoting Inclusion for All with the belief that diversity plays an important role in the success of our business. We actively encourage everyone to consider becoming a part of our journey.