HITACHI DATA SYSTEMS
Job Title: Managed Cloud Solutions - Global Information Security Manager
Reporting To: Vice President Global Delivery
Direct Reports: None
Location: UK & Ireland
Primary responsibility is to act as the Subject Matter Expert around Information Security Management in relation to the MCS business. Establish organisational policies, procedures and methods to protect sensitive data and information from being compromised. The Information Security Manager must create system security policies to mitigate against computer hackers, viruses and other dangers associated with information security.
The Information Security Manager has the general responsibility for establishing security policies relating to access to MCS SOC information systems, user rights and privileges to applications, system security utilities and establishing data protection from the Internet by applying secure architecture and design principles to the computers and systems used in the delivery of service by MCS SOC. The Information Security Manager also addresses the physical security of data processing facilities or operations, risk management audits and compliance with established policies whilst supporting the delivery of HDS MCS products.
- Oversee and coordinate security efforts across the organisation, including information technology, human resources, communications, legal, facilities management and other groups, to identify security initiatives and standards.
- Work closely with all internal functions within HDS (CS&S, GSC, GSS, SOC, Sales account teams and MSS Business Unit) to ensure all resources are assigned and effectively utilised.
- Primary Security touchpoint for all pre-sales customer engagements.
- Act as the Management contact and escalation point in relation to enterprise-level integration of data/information security policies, standards, evaluations, roles, and corporate awareness.
- Must be a results-oriented person who can achieve tangible improvements in the organisation's security arena.
- Work closely with HDS Account Team, other departments (i.e., Finance/Business Ops) and Customers to ensure effective delivery & implementation of secure and auditable managed services.
- Develop, implement, and manage the overall organisation process for security strategy and associated architecture and engineering standards.
- Be an active member of the MSS governance team and attend regular meetings with customer as laid down under the Governance Schedule.
A: PRINCIPAL RESPONSIBILITIES
- Develop and implement policies, standards and guidelines related to corporate security.
- Oversee the continuous monitoring and protection of facilities, personnel and information systems.
- Evaluate suspected security breaches and recommend corrective actions (including incidents involving outside vendors).
- Serve as the customer focal point for security incident response planning and execution.
- Define and implement an ongoing Risk Assessment program.
- Define, identify, and classify critical assets, assess threats and vulnerabilities regarding those assets, and implement safeguard recommendations.
- Assist in the review of applications and/or technology environments during the development or acquisitions process to assure compliance with corporate security policies and directions.
- Assist in the overall integration process regarding the organisation's own technology environment.
Audits and Certifications
- Perform Internal Audits in the development of appropriate criteria needed to assess the level of new/existing applications and/or technology infrastructure elements for compliance with enterprise security standards.
- Liaise with external customer or regulatory appointed security auditors and oversee the information sharing process.
- Establish and monitor formal certification programs regarding enterprise security standards relating to the planned acquisition and/or procurement of new applications or technologies.
- Oversee the development of and be the organisation champion of the security awareness and training program.
- Evaluate changes to the corporate environment for security impact and present findings to management.
- Support the timely resolution of both security incidents.
- Act as Security Incident Leader for the resolution of problems relating to designated MSS Customers.
- Initial assessment of the security incident and identification of the technical skills required to resolve the incident.
- When necessary, escalation to HDS Corporate, Customer IRTs and Senior Management.
- When appropriate, completion of an incident report detailing the sequence of events, the root cause of the incident, lessons learned and actions to be taken.
- For nominated accounts, act as the first point of contact for security incidents raised.
- Liaise with other Vendors during security incidents as appropriate and act as Point of contact for Vendor Management.
- Ensure a high level of Customer and HDS Account Team satisfaction.
- Conduct internal and customer security incident review.
- Identify and manage resolution of any issues impacting the effectiveness or efficiency of the security of HDS service delivery, escalating to Senior Management as appropriate.
Quality service delivery
- At all times maintain a high standard of professionalism and ensure high customer satisfaction.
- Identify opportunities for improving customer care, whether internal or external to HDS, and initiate actions using the appropriate improvement process.
- Understand and adhere to the processes and responsibilities defined by the UK quality management system and the UK Information Security Management System.
- Comply with all published HDS policies and guidelines.
- Ensure effective teamwork and communication at all times with customer staff, HDS account teams and Services colleagues.
- Continually develop personal skills and experience.
- Take advantage of all types of available education material to broaden skills and develop agreed areas of specialisation.
All qualified applicants will receive consideration for employment without regard to race, color, religion, place of origin, ethnic origin, national origin, ancestry, age, sex, sexual orientation, gender identity, transgender status, genetic information, mental or physical disability, marital status, pregnancy, veteran status, or any other characteristic protected by applicable national, state, or local law.
- Perform other duties as required or directed by management.
The Information Security Manager position requires the following:
- A relevant degree (BA/BS), or equivalent work experience
- Twelve plus (12+) years of consultant or management experience, at least six (6) of which were in a security-related area in a leadership capacity supported by industry certifications, such as CISSP or CISM
- Full knowledge of ISO27001/2 and understanding of NIST 800-53 and other global Information Security regulations, e.g. SOX, HIPAA
- Ability to interface with top management
- Consensus-builder, while still results-oriented and commitment focused whilst appreciating an enterprise-wide view of operational risk
- Experience in development and review of IT security and compliance processes
- Business-based attitude with the understanding that no policies can be implemented without demonstrable business benefit
- Excellent staff management skills
- Technical expert with issues related to information security
- Expert level experience of deploying and running ISO27001/2 ISMS
- At least two years of security compliance and auditing experience (working as an auditor)
- Proficient writing and communication skills
- Vulnerability testing in addition to penetration testing
Other desired qualities include:
Awareness of and experience in:
- Technical knowledge of TCP/IP, network security, application security, database security, and endpoint security
- Developing security practices as a people problem versus a technical problem
- Standards-based architecture with an understanding of how to get there, including compliance monitoring and enforceability
All staff have a statutory duty to take reasonable care for their own health and safety and that of others who may be affected by what you do or do not do at work and to co-operate with your Employer on matters of Health and Safety.
Individual Contributor Competencies
- Takes ownership and responsibility for developing own knowledge and skills
- Understands the purpose of the job and how it fits into the group
- Possesses a clear understanding of the group's goals, priorities, and work purpose
- Possesses the required knowledge of Hitachi Data Systems business to be effective and to consistently achieve results
- Demonstrates integrity in all business relationships and transactions
- Possesses a clear understanding of the customer base
- Consistently makes a conscious effort to listen to customers and understand their needs
- Clearly and effectively communicates with customers and ensures that customers understand and have visibility to activities and deliverables as required
- Follows up and follows through on all commitments
- Demonstrates company values in all customer interactions
- Consistently ensures that commitments made to customers are clear and realistic and are met within the specified timeframes
- Considers customers' needs and requirements before taking action
- Makes decisions that are consistent with company values and business objectives
- Understands the level of authority to make decisions in relation to job role and uses this understanding to take action
- Makes timely decisions to take advantage of (or to accommodate) changing circumstances
- Readily identifies obstacles that need to be overcome before progressing to the next step
- Knows when to escalate or defer to enable decision making and action
- Demonstrates respect for others' capabilities and needs
- Seeks solutions that meet everyone's interests and goals
- Builds relationships based on trust and respect, while honouring differences; openly recognises and respects the diverse ideas, perspectives, and values of others
- Acts with high principles of honesty, sincerity, and fairness; operates with the highest integrity
- Effectively builds support for ideas or changes through discussions with peers and when required, people at higher levels in the company
- Consciously involves people in a timely fashion to gain ownership, support, and cooperation
- Practices two-way communication at all levels, including giving and accepting input and suggestions
- Builds relationships and displays compassion to resolve barriers and conflicts
- Holds oneself accountable for performance and outputs
- Takes responsibility for building clear performance agreements with managers, leaders, and colleagues
- Organises tasks and responsibilities to drive higher levels of productivity and ensure results in the right areas
- Demonstrates a positive sense of urgency about getting the job done, plans and organises time efficiently, and generates enthusiasm about work
- Maintains persistent efforts and focus to achieve objectives over a prolonged period
- Possesses a high degree of self-motivation to achieve set objectives and contributes directly to the success of the business; communicates a positive attitude toward tasks and challenges
- Displays innovation and creativity in meeting challenges
- Displays unfailing integrity; never takes shortcuts that compromise company values