
Regional Information and Security Manager

At HEINEKEN Kraków (HEINEKEN Global Shared Services) our success comes directly from our great people. We are a growing team of business experts in finance, accounting, data and technology ready to „WOW” the world with our expertise, passion and pride to be GREEN.
We act on our values of Passion for consumers & customers, Courage to dream & pioneer, Care for people & planet, Enjoyment of Life, always focused on being ourselves: inclusive, diverse, and open for new challenges.

 

Your responsibilities would include:

  • Setting and monitoring compliance with IT and PCD security governance, and providing deep security expertise as support;
  • Managing Cyber Security Officers;
  • Maintaining security vision and strategy, including the alignment of security strategy to business strategy and risk objectives;
  • Participating in setting the cybersecurity strategy that will apply to the whole organization;
  • Overseeing and managing security strategy and risks across all OpCos in his/her Region;
  • Shaping strategy and defining a vision for the organisation to ensure OpCos are both secure and futureproofed;
  • Ensuring collaborative and cohesive working practices with OpCo teams ensuring all activities align with business goals and objectives;
  • Ensuring Regional performance by identifying/resolving operational shortfalls, streamlining processes and procedures, and ensuring effective professional development across the teams;
  • Utilizing Agile methodologies to lead the delivery of cybersecurity controls to ensure maximum security and effective risk management;
  • Aligning and collaborating with Supply-Chain managers and Directors on Regional and OpCo level to deliver and monitor PCD Security;
  • Overseeing IT and PCD Security Risks and compliance;
  • Reviewing/monitoring of activities of OpCos;
  • Performing periodic assessments and maintaining the overall overview of cybersecurity status to his/her region; 
  • Managing internal and external communications (reporting) related to security (e.g. the audit committee, supervisory board, ET);
  • Driving performance, development and talent growth of Regional Security & Risk Managers;
  • Defining GRC framework (incl. Cloud and Crown Jewels);
  • Contributing to an environment in which the self-confidence and proactivity of the entire team and individuals can blossom;
  • Monitoring compliance with rules and security policies (e.g. ISMA, HeiQuest, BWISE and compliance KPIs) and driving continuous improvements of internal controls;
  • Defining and maintaining HeiRule (information security standard);
  • Providing input on the impact of information security choices to global standards, practices and controls;
  • Leading risk management improvements and driving implementation;
  • Advising on derogations to the Information Security Standard;
  • Defining the Information Security & Risk Management (IS&RM) strategy in alignment with the GIS strategy, HEINEKEN security and risk management objectives, Global Audit guidelines, legal and regulatory requirements;
  • Communicating new or changed security processes and/or technologies and creating understanding and acceptance;
  • Challenging stakeholders when a chosen solution is not in line with the Information Security & Risk Management (IS&RM), HeiRule or HEINEKEN strategy;
  • Developing medium-term planning for the Second Line of Defense in line with the strategic priorities;
  • Ensuring that all stakeholders are aware of the IS&RM strategy and ISMS program, e.g. through informal & formal education and awareness programmes;
  • Maintaining awareness of emerging security industry trends and best practices, and evaluating them for applicability;
  • Reporting on Cybersecurity KPIs/STIs for stakeholders in the Region;
  • Performing CSA review for both PCD and IT under HeiRule Information Security;
  • Ensuring risks are properly registered and tracked towards mitigation;
  • Overseeing PCD Security project deployment and aligning on Global and Regional level to ensure goals and targets are met;
  • Providing guidance to PCD Security and Supply-Chain Directors on reducing cybersecurity risks as well as protecting our business;
  • Collaborating with P&CI to address ACM unmitigated risks related to SOD and critical actions

 

You are a good candidate if you:

  • Speak English fluently
  • Have multiple years of experience in Digital & Technology environments (experience in supporting Commerce product launches in multiple markets is a plus)
  • Are entrepreneurial; self-driven; comfortable working in ambiguous yet fast-paced environments and passionate about supporting Commerce products that scale
  • Are extremely organized; a devoted practitioner of project management and comfortable in leading complex coordination across various teams on a regional level
  • Are capable of in-depth interpretation through qualitative insights
  • Have a deep interest in developing and growing security capabilities
  • Have a qualification in CISSP, CISM, ISSMP, CISA, CIA, CSTA, CSTP, CIIP, CFIP, CSIS, CMI, CWSA or their equivalent, and have deep security expertise and knowledge;
  • Can develop medium-term planning for the Second Line of Defence in line with strategic priorities and business strategy;
  • Have strong stakeholder management and excellent communication skills; 
  • Have the experience and knowledge to drive performance, development and talent growth of Regional Security & Risk Managers
  • Are a coach, facilitator and leader aiming to increase team's performance, satisfaction and motivation;
  • Have the knowledge and experience to define a GRC framework; 
  • Have extensive knowledge of compliance, rules and security policies;
  • Are experienced in defining an information security standard;
  • Are able to determine impact of information security choices to global standards, practices and controls;
  • Are able to identify potential security threats, vulnerabilities & risks and propose mitigations;
  • Are able to set risk management improvements and drive implementation;
  • Are able to advise on derogations to the Information Security Standard;
  • Are able and dare to challenge stakeholders when a chosen solution is not in line with the Information Security & Risk Management (IS&RM), HeiRule or HEINEKEN strategy;
  • Are able to create awareness of the IS&RM strategy and ISMS program, e.g. through informal & formal education and awareness programmes;
  • Can demonstrate ability to establish and maintain effective working relationships with internal and external organizations, groups, team members and individuals;
  • Use reflection, open discussion and trust to help the Product Teams to grow and develop; 
  • Have problem solving skills and strong organisational and communication skills

 

Find out more about D&T on our site:

Heineken (heineken-dt.pl)


Job Segment: Compliance, Supply Chain Manager, Risk Management, Information Security, Supply Chain, Legal, Operations, Finance, Technology
