Security Specialist Security Competence Center

Digital & Technology Team (D&T) is an integral division of HEINEKEN Global Shared Services Center. We are committed to making Heineken the most connected brewery. That includes digitalizing and integrating our processes, ensuring best-in-class technology, and embedding a data-driven culture. By joining us you will work in one of the most dynamic and innovative teams and have a direct impact on building the future of Heineken!

Would you like to meet the Team, see our office and much more? Visit our website: Heineken (heineken-dt.pl)

Global Digital and Technology (D&T) has a worldwide responsibility for all IT processes, solutions and services. The aim is to further enhance HEINEKEN Global Functions by delivering common business driven solutions and services.

The Global D&T Information Security Department is part of Global D&T and has the overall responsibility of assuring that HEINEKEN’s IT Risks are properly managed and information assets and IT is properly secured.

The Global D&T Information Security Department delivers deep security and risk management expertise to enable the Product Teams, Global Functions and OpCos to form a proper 1st Line of Defense (LoD) by building the right capabilities into them (security by design) and supporting them when needed.

The Security Competence Center is responsible for having the right security governance (security controls / activities/ organisation) in place in accordance with HEINEKENs risk appetite.

The SCC Security Specialist is responsible for the support of Security Business Impact and Security Assessments for the HEINEKEN Global Functions. The Security specialist is also responsible for supporting the Global Functions with advise on and implementation of the required security requirements/controls.

Your responsibilities would include:

• supporting D&T Product Teams, Global Functions and Asset Owners with the execution and completion of Business Impact Assessments and Security Assessments
• supporting Global Functions with the selection, design, and implementation of security requirements and controls of their digital solutions
• developing and maintaining a dashboard for Business Impact Assessments and Security Assessments, maintaining the Assessment funnel based on priority, and planning assessments based on the expiration of the assessment
• periodic verification of ABACUS – OneTrust Synchronisation
• supporting with the writing, updating, and reviewing of the policies in the Security Policy House
• maintaining awareness of emerging security industry trends, and best practices and evaluating them for applicability
• identifying potential security threats, vulnerabilities & risks and proposing mitigations
• supporting Product Teams and Global Functions to identify and drive opportunities to increase the efficiency of information security
• and any other task assigned by TL within the scope of functional responsibilities

You are a good candidate if you have:

• Bachelor's / Master's degree in computer science, software engineering or network design
• qualification in at least some of the following qualifications or their equivalent, CISSP, CISM, ISSMP, CISA, CIA, CSTA, CSTP, CIIP, CFIP, CSIS, CMI, CWSA
• more than 5 years of working in the Cybersecurity / IT Audit field and previous experience working as Cybersecurity Officer / Manager,
• ability to identify and drive opportunities to increase the efficiency of information security
• knowledge of standards such as NIST, ISO2700, IEC62443,
• experience with Business Impact and Security Assessments
• mindset of Cybersecurity ambassador by supporting, informing, and communicating Information security & Risk requirements to the Product Teams and Global Functions
• ability to explain Cybersecurity governance and its processes to business stakeholders
• demonstrated ability to recognize problems, identify possible causes, and resolve problems
• ability to work and team with a multitude of different people and different cultures (as appropriate)
• flexibility to adjust to multiple demands, shifting priorities, ambiguity, and rapid change
• strong analytic and reporting skills
• demonstrated ability to write reports, procedures, and policies, and communicate effectively in a variety of situations
• demonstrated ability to establish and maintain effective working relationships with internal and external organizations, teams, and individuals
• ability for reflection, open discussion, and trust to help the Product Teams / Global Functions to grow and develop on Cybersecurity
• problem-solving skills
• strong organizational and communication skills
• excellent written and verbal English
• other language required to perform the job for the given OpCo(s)