[HY968] Head of Security Operations
JOB DESCRIPTION
Make an impact with NTT DATA
Join a company that is pushing the boundaries of what is possible. We are renowned for our technical excellence and leading innovations, and for making a difference to our clients and society. Our workplace embraces diversity and inclusion – it’s a place where you can grow, belong and thrive.
Your day at NTT DATA
The Head of Information Security Operations is a senior leadership position responsible for overseeing and managing all aspects of an organization’s information security operations. This role is crucial for safeguarding the organization’s data, systems, and infrastructure from cyber threats.
The Head of Information Security Operations collaborates with cross-functional teams, sets strategic direction, and ensures the effective implementation of security measures to protect the confidentiality, integrity, and availability of the organization’s information assets.
What you’ll be doing
Key Roles and Responsibilities:
Providing Security-Related Advice and Guidance:
- Develops an Operations strategy that aligns with business objectives.
- Advises senior management and stakeholders on security matters.
- Ensures that Operations procedures, and protocols are updated and comply with industry best practices and legal requirements.
Security Governance and Compliance:
- Monitors compliance with security policies and regulatory requirements.
- Prepares for audits and assessments.
Leadership and Team Management:
- Provides direction and guidance for operations, administration, and results for a major departments or multiple departments within a function or work area.
- Interdepartmental Coordination:Promote and manage interdepartmental coordination to ensure a unified security posture. Facilitate regular meetings and communication between security teams and other organizational units.
- Establishes operational objectives for managers and teams.
- Builds and leads a high-performing security operations team.
- Provides mentorship, coaching, and professional development.
- Fosters a collaborative and inclusive work environment.
- Communicates security priorities and initiatives to executive leadership.
- Manages and is accountable for the Security budget for the operations.
Overseeing Security Operations:
- Monitors day-to-day security operations, including system monitoring, investigations, and incident response.
- Collaborates with other departments (HR, IT) to integrate security policies and procedures into overall operations.
Risk Assessments & Risk Management:
- Identifies, assesses, and manages security risks to the organization’s employees, clients, assets,
and facilities.
- Develops and implements security plans to mitigate these risks.
- Prioritizes security investments based on risk exposure and reports on risk posture to senior management.
- Report on risk posture to senior management.
- Ensures business continuity and disaster recovery measures are in place.
Cybersecurity Incident Response (CSIRT):
- Leads and manages the organization’s CSIRT team.
- Develops and maintains incident response plans, playbooks, and procedures.
- Attack Surface Management: Monitor and maintain ASM alerting and implement processes to mitigate external threats.
- Coordinates and responds to security incidents, breaches, and vulnerabilities.
- Conducts post-incident analysis and continuous improvement.
Digital Forensics and Cybersecurity Investigations:
- Collects, processes, preserves, analyzes,
and presents digital-related evidence to support vulnerability mitigation and/or investigations.
- Applies tactics, techniques, and procedures to a full range of tools and processes related to administrative, criminal, and counterintelligence gathering.
Hacking Centre (Penetration Testing):
- Oversees the penetration testing program.
- Collaborates with external vendors or internal teams to conduct regular security assessments.
- Reviews and acts on penetration test findings to enhance security posture.
- Ensures compliance with industry standards and regulations.
Global Security Centres of Excellence:
Establishes a Centre of Excellence ensuring consistency, reducing risks, costs, and alignment with best practices, while providing skill and scale to smaller business units. The following CoE’s includes but not limited to:
Information Security Platforms:
- Manages security tools and platforms (e. g. , SASE, SIEM, EDR, Firewalls, vulnerability management).
- Configuration and Device Management: Systems ensuring devices are correctly configured and updated.
- MACD (Moves, Adds, Changes, Deletes): Processes managing changes in the IT environment.
- Evaluates, selects, and implements new security technologies in conjunction with Strategy and Design.
- Monitors and analyzes security events and alerts.
- Optimizes security platforms for threat detection and prevention.
Cross-Functional Requirements:
- Platform Management CoE: Responsible for the technical management of various security platforms.
- Platform Consumption: Pertains to how stakeholders use the tools and platforms.
Security Technology Categories:
Network and Device Security:
- SASE (Secure Access Service Edge): A solution combining network security functions with WAN capabilities.
- Firewalls: Devices or software that filter network traffic.
- Configuration and Device Management: Systems ensuring devices are correctly configured and updated.
- MACD (Moves, Adds, Changes, Deletes): Processes managing changes in the IT environment.
Threat Detection and Response:
- EDR (Endpoint Detection and Response): Solutions monitoring endpoint and network events.
- Attack Surface Management: Processes to mitigate external threats.
- Vulnerability Assessment and Management: The practice of mitigating software vulnerabilities. Ensures threat and vulnerability assessments are programmatically conducted. Determines deviations from acceptable configurations or policies. Assesses the level of risk and develops/recommends appropriate mitigation countermeasures.
- Assurance and Testing:Penetration Testing: Simulated cyber-attacks against systems.
Identity and Access Management (IAM):
- Develops and enforces IAM policies and procedures.
- Oversees user provisioning, access controls, and authentication mechanisms.
- Collaborates with HR and IT teams to manage user lifecycle.
- Ensures compliance with access management best practices.
Physical Security
- Develop and Implement Physical Security Strategies:
- Formulate and execute comprehensive physical security strategies to protect the organization’s personnel, assets, and facilities.
- Ensure physical security measures are integrated with cybersecurity protocols for a holistic security approach.
Facility Access Control:
- Oversee the implementation of access control systems to prevent unauthorized entry to sensitive areas.
- Manage the issuance of access credentials and monitor access logs for anomalies.
Surveillance and Monitoring:
- Deploy and maintain surveillance systems, including CCTV and motion detection technologies.
- Ensure continuous monitoring and real-time response capabilities to physical security threats.
Incident Response for Physical Security Breaches:
- Develop and implement response plans for physical security incidents, ensuring swift and effective action.
- Coordinate with law enforcement and emergency services when necessary.
Collaboration with Cross-Functional Teams:
- Work closely with IT, HR, facilities management,
and other departments to ensure physical security measures are aligned with overall organizational security strategies.
- Foster collaboration to integrate physical security with other security initiatives.
Knowledge, Skills and Attributes:
- Strong knowledge of security frameworks (ISO 27001, NIST, CIS).
- Excellent communication, collaboration, and problem-solving skills.
- Ability to balance technical expertise with business acumen.
- Ability to convey complex security concepts to non-technical stakeholders.
- Technical Knowledge:
- Cybersecurity: A deep understanding of cybersecurity principles, threats, and best practices. Familiarity with security frameworks such as NIST, ISO 27001, and CIS Controls.
- Network Security: Proficiency in securing networks, firewalls, intrusion detection/prevention systems, and VPNs.
- Application Security: Knowledge of secure software development practices, secure coding, and vulnerability assessment.
- Cloud Security: Understanding of cloud security architecture, identity and access management (IAM).
- Incident Response: Ability to lead incident response efforts during security breaches or incidents.
Leadership and Management Skills:
- Strategic Thinking: The ability to align security initiatives with overall business goals.
- Team Management: Experience in leading and motivating security teams.
- Communication: Strong communication skills to convey complex security concepts to non-technical stakeholders.
- Budgeting and Resource Allocation: Managing security budgets and allocating resources effectively.
- Vendor Management: Interacting with security vendors and third-party service providers.
Physical Security Knowledge:
- In-depth understanding of physical security principles, access control systems, and surveillance technologies.
- Familiarity with industry standards and best practices for physical security.
Compliance and Legal Knowledge:
- Regulatory Compliance: Familiarity with industry-specific regulations (e. g. , GDPR, HIPAA, PCI DSS).
- Legal and Privacy Considerations: Understanding legal implications related to security and privacy.
Soft Skills:
- Leadership: Ability to inspire and guide security teams.
- Problem-Solving: Analytical skills to address security challenges.
- Adaptability: Staying updated with evolving security threats and technologies.
- Ethical Behavior: Upholding high ethical standards in security practices.
Academic Qualifications and Certifications:
- Bachelor’s degree in Computer Science, Information Security, or related field
- Certified Protection Professional or Certified Fraud Examiner or equivalent internationally recognized qualification
- Relevant certifications (e. g. , CISSP, CISM, CRISC, CEH, GIAC) are highly desirable.
Required Experience:
- Proven experience (15+ years) in information security, with at least 7+ years in a managerial/leadership role.
- Expert knowledge of industrial security programs and the ability to identify and evaluate policies and procedures to compliment the business objectives while protecting company personnel and assets.
Workplace type:
About NTT DATA
NTT DATA is a $30+ billion trusted global innovator of business and technology services. We serve 75% of the Fortune Global 100 and are committed to helping clients innovate, optimize and transform for long-term success. We invest over $3. 6 billion each year in R&D; to help organizations and society move confidently and sustainably into the digital future. As a Global Top Employer, we have diverse experts in more than 50 countries and a robust partner ecosystem of established and start-up companies. Our services include business and technology consulting, data and artificial intelligence, industry solutions, as well as the development, implementation and management of applications, infrastructure, and connectivity. We are also one of the leading providers of digital and AI infrastructure in the world. NTT DATA is part of NTT Group and headquartered in Tokyo.
Equal Opportunity Employer
NTT DATA is proud to be an Equal Opportunity Employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment. We do not discriminate based on age, race, colour, gender, sexual orientation, religion, nationality, disability, pregnancy, marital status, veteran status, or any other protected category. Join our growing global team and accelerate your career with us. Apply today.
El anuncio original lo puedes encontrar en Kit Empleo:
https://www.kitempleo. es/empleo/110599051/hy968-head-security-operations-barcelona/? utm_source=html
Welcome to hacendo.com
kitempleo. es asks for your consent to use your personal data to:
perm_identity
- perm_identity Personalised advertising and content, advertising and content measurement, audience research and services development
- devices Store and/or access information on a device
Data preferences
You can choose how your personal data is used. Vendors want your permission to do the following:
Store and/or access information on a device
Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are (or have been) interacting with (for example, to limit the number of times an ad is presented to you).
Create profiles for personalised advertising
Information about your activity on this service (such as forms you submit, content you look at) can be stored and combined with other information about you (for example, information from your previous activity on this service and other websites or apps) or similar users. This is then used to build or improve a profile about you (that might include possible interests and personal aspects). Your profile can be used (also later) to present advertising that appears more relevant based on your possible interests by this and other entities.
Use profiles to select personalised advertising
Advertising presented to you on this service can be based on your advertising profiles, which can reflect your activity on this service or other websites or apps (like the forms you submit, content you look at), possible interests and personal aspects.
Information about your activity on this service (for instance, forms you submit, non-advertising content you look at) can be stored and combined with other information about you (such as your previous activity on this service or other websites or apps) or similar users. This is then used to build or improve a profile about you (which might for example include possible interests and personal aspects). Your profile can be used (also later) to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests.
Use profiles to select personalised content
Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services (for instance, the forms you submit, content you look at), possible interests and personal aspects. This can for example be used to adapt the order in which content is shown to you, so that it is even easier for you to find (non-advertising) content that matches your interests.
Information regarding which advertising is presented to you and how you interact with it can be used to determine how well an advert has worked for you or other users and whether the goals of the advertising were reached. For instance, whether you saw an ad, whether you clicked on it, whether it led you to buy a product or visit a website, etc. This is very helpful to understand the relevance of advertising campaigns.
Measure content performance
Information regarding which content is presented to you and how you interact with it can be used to determine whether the (non
¡Sea el primero en responder a este anuncio de trabajo!
-
¿Por qué está buscando trabajo en Trabajas.es?
Crear alerta de empleo
Cada día nuevos anuncios de trabajo Puede elegir entre una amplia gama de trabajos: nuestro objetivo es ofrecer una selección lo más amplia posible Déjenos enviar nuevos anuncios por correo electrónico Sea el primero en responder a las nuevas ofertas de empleo Todos los anuncios de trabajos en un único lugar (de empleadores, agencias y otros portales) Todos los servicios para demandantes de empleo son gratuitos Le ayudaremos a encontrar un nuevo empleo