Title: Information Security Coordinator

JOB DESCRIPTION

 

Position name: INFORMATION SECURITY COORDINATOR
Function (VP/Area): D&T REGION AMERICAS
Reports to: Regional Security Information Manager


Objective
The Information Security Coordinator safeguards and ensures that security procedures are in place for every IT/PCD project and the running operations in a defined scope within AMERICAS REGION, within their remit, in order to control & protect the information assets being used by the organization and contribute to business continuity (avoiding IT operations disruption due to viruses and/or unprotected vulnerabilities).


Position Scope
The Information Security Coordinator is responsible for management and implementation of the global cyber security strategy based on the NIST cyber security framework, to reduce the risk of a cyber-security incident according to the risk appetite of HEINEKEN and the OpCo, as well as to raise wider OpCo cyber security awareness.


Minimum Requirements of the Position
Academic degree: Bachelor's or Master's degree in business information technology or a related field
Possesses relevant certifications, e.g. CISSP / CCSP / CISM / CISA / CRISC
Experience: 5+ years of working in the cyber security field and previous experience working as a cyber-security Coordinator or manager.
Languages: Fluent English
Travel availability: Yes
• Has worked with relevant market standards such as NIST, ISO 27001, COBIT and relevant laws and regulations such as privacy laws;
• Experience in handling security incidents;
• Proven ability to dynamically assess risks, threats & threat actors;
• Able to work in a cross functional environment; preferably a background in the FMCG industry;
• Sense of Business Urgency and safe-cautious mind to close critical gaps and reduce any security breach;
• Ability to explain complex technical processes to business stakeholders;
• Flexibility to adjust to multiple demands, shifting priorities, ambiguity and rapid change;
• Ability to work and team with a multitude of different people and different cultures (as appropriate);
• Display professionalism, customer service attitude, attention to detail and quality;
• Possess strong interpersonal skills, relationship management and negotiation skills, strong verbal and written communication skills;
• Develop self and others through continuous learning, sharing best practices, knowledge and expertise;
• Excellent management and leadership skills.


Activities
Security Operations
• Implement global security strategies to maintain the continuity of systems and update these based on local threats;
• Responsible to manage updates related to OpCo Security Standards that are required due to local legislative requirements, in consultation with the relevant regional Security & Risk Lead (S&RL) in line with HEINEKEN Security Strategy and supporting the HEINEKEN Business Strategy;
• Responsible for local security approvals regarding global services (e.g. HeiNet), in order to maintain the highest level of security for the information and IT assets of the company;
• Assist the global operational security team in the design of controls/ standards and procedures that have broad implications, requiring systems integration of one or more technical platforms;
• Perform Risk reviews using the risk management procedure for all new local programs/services to be deployed in the OpCo operational environment and veto programs which do not comply with HEINEKEN’s security standards;
• Monitor internal and external information security and cyber security policy compliance, review and assess information security audits;
• Performs, as per the prescribed frequency, the Information Security Maturity Assessment (ISMA), and ensures that all related evidence is available in support of the assessment;
• Monitor and ensure the timely closure of tasks related to audit and internal control issues raised by e.g. Global Audit, Information Security & Risk Managers, etc;
• Manages the Information Security action plan to address identified risks and non-compliances;
• Gains approval from the relevant management team on that action plan and its related budget;
• Monitors and reports on the execution of that action plan, reporting locally to the local management team and centrally to the Regional S&RL Team;
• Analyse and challenge derogation requests regarding the ISS/ISP that OpCos could have with a new solution or program, and communicate same to the global security operations and risk management teams for approval in order to protect the HEINEKEN security environment;
• Drive resolution of cyber security incident responses and close off security vulnerabilities in the case of an attack;
• Perform/guide/drive digital investigations upon the request of Local OpCo/HR or Legal teams in case of breaches of HEINEKEN’s Code of Business Conduct;
• If the OpCo faces any critical IT security incidents or breakout, he/she is responsible as the local security incident lead for resolving them with the OpCo D&T Managers in consultation with the Cyber Defense Operations Team (CDO), IT Regional Directors and Service Line Managers;
• Identify and perform independent analysis to resolve complex first-time issues including the analysis of technical and economic feasibility of proposed security systems/ solutions. He/she is also responsible to assist the global security operations team for any IT technical audit (e.g. Ethical Hack) to any OpCo IT infrastructure or service that a 3rd Party offers to HEINEKEN with a valid and open contract to ensure that security policies are in place;
• Advises OpCo operations teams for security requirements (e.g. Patching, Anti-Virus, Vulnerability Management, etc).


Security Awareness
• Drive awareness campaigns on cyber security awareness according to the global security awareness program and based on the local OpCo reality. Manage and train cyber security staff.


Security Strategy
• Responsible for identifying potential risks and recommendations on how to prevent and/or avoid that risk for inclusion in global operational security strategy;
• Collaborate with the regional S&RL to understand and develop further the controls and processes required to improve information security.


Innovation
• Accelerates and Drives implementation of new Security strategies and standards from global D&T towards the HEINEKEN OpCos;
• Research / participate in peer security forums (3rd parties and peer companies) to identify opportunities to benchmark and continuously improve local implementation of standards and best practices from across IT or from the Marketplace;
• Provide security expertise across multiple technical platforms to various OpCo stakeholders in all phases of solutions development (Ideation, Design, build, test and deploy) and Operations.


Operational Technology – Process Control Domain
• Security Incident Management coordination;
• Control Self-Assessment coordination;
• BWISE management;
• Risk Management Procedure (new solutions approval);
• Review execution of PCD deliverables (patch compliance, AV, backups, etc.);
• Security Awareness coordination and follow-up;
• Be the voice for the region from a cyber security perspective evaluating expectations, requirements and interactions;
• Support on-going activities (e.g. Compliance, Self-Assessments, BWISE, Escalations, Derogations, Risk Acceptance, Approvals, etc.);
• Engage with Supply Chain and D&T Leadership Teams on the Cyber Security strategy and co-own security programs, operations and inquiries;
• Engage and collaborate on best practices with the PCD points of contact (within breweries) with an emphasis on standardization and simplification.

