Purpose of the job
- TISO has the responsibility for identifying, assessing and managing the IT risks that Holding’s Digital & Apps.
- The main objective is implementing the corporate policies for security, governance, risk and compliance, with the right balance between minimal risk and optimal business value.
- Increasing awareness among the employees regarding the security, risk and compliance.
- Top priority projects are being executed at the right time concerning security, governance, risk and compliance.
- Digital and Regional coordination in the case of data breaches.
- Provide leadership, direction and guidance in assessing and evaluating information security risks and monitor compliance with security standards and appropriate policies.
- Advise in software development environments in Agile/SCRUM (DevSecOps).
- Translate the policy into concrete implementation criteria and controls.
- Translate security needs of the business into technical and operational measures.
- Translate overall security requirements into infrastructure-specific controls.
- Monitor and report about suppliers’ critical security KPIs.
- Manage tool selection based on IT security requirements and assessments.
- In interaction with the business and IT, identify, assess and minimize the operational risk for security and compliance.
- Implement and maintain a practical and usable information security management system and security strategy aligned with minimum Corporate standards and guidelines.
- Ensure that criteria and controls are implemented into the operation.
- Drive change and innovation in line with the security principles and guidelines.
- Advise and support on the information security policy and framework.
- Ensure that the technical environment operates within the security, compliance and risk structure.
- Keep abreast of security incidents and act as the primary control point during significant information security incidents/breaches, coordinating responses with the CISO and the Digital & Apps CTO.
- Convene a Cyber Security Incident Response Team (CSIRT) as needed, or requested, in addressing and investigating security incidents/breaches that arise.
- Openly share knowledge with the Digital IT teams, Digital governance, risk and compliance teams, APAC, and ISF.
- Supervise identity and access management.
- Implement security-related policies, standards and procedures and focus on continual improvement.
- Perform regular sample information security audit process checks.
- Increase the security and risk awareness at all levels within Digital & Apps.
- Create education and awareness programs aligned with minimum Corporate standards and guidelines, and advise operating units at all levels on security issues, vulnerabilities and best practices.
Security, risk and compliance
- Increase the maturity of security, governance, risk and compliance management within Digital.
- Lead the development and implementation of effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
- Develop, implement and administer technical security standards, as well as a suite of security services and tools to address and mitigate security risk.
- Provide advice to the business and IT with regard to legislation and internal and external regulations.
- Set up, maintain and monitor compliance with regulatory requirements, SISP and the Business (Risk) Support Framework (EBSF), including:
  - Monitor and co-ordinate follow-up actions for resolving SISP audit and EBSF findings;
  - Co-ordinate, implement, communicate and test the Business Continuity Plans, including the IT plans and the business plans;
  - Conduct and co-ordinate the Business Impact Assessments (BIA) and the Privacy Impact Analysis (PIA), communicating with Digital’s managers, the CTO and the Group CISO regarding successful completion and sign-off;
  - Implement Data Classification Policies;
  - Support the implementation of GDPR requirements, including ‘Privacy by design/default’.
- Coordinate all information technology and security, governance, risk and compliance related audits (internal and for external suppliers). Provide guidance, evaluation and advocacy on audit responses. Provide prospective customer information security questionnaire responses for the businesses.
Hours per week: Full time