Digital I&O Cyber Security Officer
Digital & Technology Team (D&T) is an integral division of HEINEKEN Global Shared Services Center. We are committed to making Heineken the most connected brewery. That includes digitalizing and integrating our processes, ensuring best-in-class technology, and embedding a data-driven culture. By joining us you will work in one of the most dynamic and innovative teams and have a direct impact on building the future of Heineken!
The Cyber Security Officer actionize the strategic direction, policies, governance designed by GIS and controls to ensure the effective delivery of a high-quality Information Security service for HEINEKEN.
As a member of the TP&S Hub Information Security team, the Cyber Security Officer will be the subject matter expert for all matters around information security, be a member of incident response team in the event of a security breach and be one of the main contacts for OpCo stakeholders.
In addition, the role holder has joint responsibility for Control processes including audit, security, business continuity and regulatory compliance across D&T.
Your responsibilities would include:
Security Operations
- implementing global security strategies to maintain the continuity of systems and update these based on local threats
- being responsible to manage updates related to OpCo Security Standards that are required due to local legislative requirements, in consultation with the relevant Global Information Security (GIS) teams in line with HEINEKEN Security Strategy and supporting the HEINEKEN Business Strategy
- being responsible for local security approvals regarding global services (e.g. HeiNet), in order to maintain the highest level of security for the information and IT assets of the company
- assisting the global operational security team in the design of controls/ standards and procedures that have broad implications, requiring systems integration of one or more technical platforms
- performing Risk reviews using the risk management procedure for all new local programs/services to be deployed in the OpCo operational environment and veto programs which do not comply with HEINEKEN’s security standards
- monitoring internal and external information security and cyber security policy compliance, review and assess information security audits
- performing, as per the prescribed frequency the Security Controls Effectiveness Assessment (SCEA) and ensures that all related evidence is available in support of the assessment
- monitoring and ensuring the timely closure of tasks related to audit and internal control issues raised by e.g. Global Audit, SCAR, etc.
- developing and managing the Information Security action plan to address identified risks and non-compliances.
- gaining approval from the relevant management team on that action plan and its related budget
- monitoring and reporting on the execution of that actions plan, reporting locally to the local management team and centrally to the GIS / CDO team
- analysing and challenging derogation requests regarding the ISP and TSPs that OpCos could have with a new solution or program and communicate same to the global security operations and risk management teams for approval in order to protect the HEINEKEN security environment.
- driving resolution of cyber security incident responses and address security vulnerabilities.
- performing/guiding/driving digital investigations upon the request of Local OpCo/ TP&S Hub /HR or Legal teams in case of breaches of HEINEKEN’s Code of Business Conduct
- being responsible as the local security incident lead to resolve with the OpCo D&T Managers and TP&S Hub in consultation with the Cyber Defense Operations Team (CDO), IT Regional Directors and Service Line Managers
- identifing and performing independent analysis to resolve complex first-time issues including the analysis of technical and economic feasibility of proposed security systems/ solutions. He/she is also responsible to assist the global security operations team for any IT technical audit (e.g. Ethical Hack) to any OpCo IT infrastructure or service that a 3rd Party offers to HEINEKEN with a valid and open contract to ensure that security policies are in place
- advising OpCo and TP&S Hub operations teams for security requirements (e.g. Patching, Anti-Virus, Vulnerability Management, etc)
Security Awareness
- driving training campaigns on cyber security awareness according to the global security awareness program and based on the local OpCo reality. Manage and train cyber security staff
Security Strategy
- being responsible for identifying potential risks and recommendations on how to prevent and/or avoid that risk for inclusion in global operational security strategy
- collaborating with the Global security product teams to understand and develop further the controls and processes required to improve information security
Innovation
- asccelerating and driving implementation of new Security strategies and standards from global D&T towards the HEINEKEN OpCos
- researching / participating in peer security forums (3rd parties and peers Companies) to identify opportunities to benchmark and continuously improve local implementation of standards and best practices from across IT or from the marketplace
- providing security expertise across multiple technical platforms to various OpCo and TP&S Hub stakeholders in all phases of solutions development (Ideation, Design, build, test and deploy) and Operations
Operational Technology – Process Control Domain
- security Incident Management coordination
- control Self-Assessment coordination
- review execution of PCD security deliverables (patch compliance,AV, backups, etc.)
- support OpCo communications and roll out of security standards,procedures, etc
- engage and collaborate on best practices with other CSOs and PCD Security Leads
You are a good candidate if you have:
- 7+ years working experience in Cyber Security area Support for other CSOs
- responsibility for cybersecurity of Operating Companies
- 5+ years of experience of working in agile teams in multi-cultural environments
- 5+ years of working with senior business stakeholders, influencing and working with OpCo’s
- Bachelors or Master's degree in information Security or relevant subject
- strong technical background with experience in one or more IT areas
- experience of technical disciplines in relation to Information and Cyber Security management
- experience of working with relevant standards such as ISO 27001, COBiT and relevant laws and regulations such as privacy laws including GDPR
- experience of managing audit and control processes within a technology context
- certification or formal training in ITIL
- ability to work in a cross functional environment and preferably experience in FMCG
- capable of managing multiple conflicting priorities and deadlines in a matrix environment with rapid change
- good interpersonal skills, oral and written communication skills, relationship management and influencing skills
- ability to build and leverage personal and professional networks
- working within a local and global matrix context
- strong attention to detail, independent judgment and decision-making
- experienced in self-developing through continuous learning, sharing best practice, knowledge and expertise
- certification in relevant IT Security discipline (e.g. CISA, CISM, CISSP, CEH) is nice to have.
At HEINEKEN Kraków, we take integrity and ethical conduct seriously. If someone has concerns about a possible violation of legal regulations indicated in Polish Whistleblowing Act or our Code of Business Conduct, we encourage them to speak up. Cases can be reported to global team or locally (in line with the local HGSS Whistleblowing procedure) by selecting proper option in this tool or by communicating it on hotline.
We work in a hybrid model, our office is located in Cracow. A minimum of 5 days per month in the office is required.
What we offer:
Job Segment:
Compliance, Information Security, Risk Management, Geology, GIS, Legal, Technology, Finance, Engineering