Business Information Security Manager - Bogota, Colombia - Wood Plc

Wood Plc
Bogota, Colombia

1 week ago

Posted by: Carolina González, beBee Recruiter


Description

Overview / Responsibilities:
Wood is currently recruiting for a Business Information Security Manager to join our team in Bogota, Colombia.


Job Objective:


Accountable to the Business Information Security Officer / Technology Security Manager - Senior for the implementation and operational management of Information Security Operations and associated controls across Wood.


Manages and maintains the organization's cyber security systems and infrastructure and protects the organization's IT systems and computer networks against cyber attacks, intrusions, malware and various types of data breaches.


Key Responsibilities:

- Information Security Operations

  • Responsible for managing global Information Security Operations through an outsourced IT delivery model
  • Provide regular and timely reporting on the Information Security status globally.
  • Define business impact of security incidents and identify and drive recommendations for change to prevent similar incidents
  • Responsible for ensuring relevant SLAs for Information Security are met or exceeded
- Information Security & Risk Management Frameworks

  • Contribute to the Information Security Framework for all business units to mitigate risks and ensure compliance
  • Operation of an Information Security Risk Management Framework that is effectively embedded in Risk policies, procedures, and governance processes
  • Provide technical and professional insight in the development and delivery of Wood Information Security strategies to ensure that they align with business objectives and maximise the effectiveness of available resources
- Risk Mitigation Plans
  • Identifies, evaluates and reports on information security risks, which supports the effective protection of information assets
  • Maintain close working relationship and collaboration with Risk and Resilience function inside IS&RM team, contributing to the overall success of the Risk Management and Mitigation objectives
- Set Policy and Standards
  • Contribute to the drafting of policies, procedures, and related guidelines within an area of expertise to meet defined key principles and ensure compliance with external requirements
  • Define working procedures in combination with the IT service partner to optimise Information Security operations and Incident Response
- Supplier and Vendor Risk Management
  • Participation in supplier and vendor risk management process
- Business Unit Information Security Management
  • Provide support to key business initiatives by developing and disseminating threat-related intelligence and guidance on security and resiliency policies and standards
  • Act as the trusted advisor to the Business Units, providing required clarifications and support with pre and post sales activities (e.g. explain Wood Information Security program, support external audits, client request response)
- Business Continuity & Disaster Recovery
  • Assist with Business Continuity Planning with a focus on Information Security Operations
- Risk Authorities
  • Contribution and participation, where appropriate, in regulation and compliance working groups, audits, and remediating actions
- Cyber Security Manager Specific
  • Document complex "as is" and "to be" processes and describe the changes required to migrate to the "to be" capability to record accurately the change required
  • Develop policies, procedures, and related guidelines for an important area of responsibility within a function, ensuring compliance with external requirements and integration with the broader functional policy framework
  • Ensure that business activities within the area of responsibility comply with relevant external regulatory and/or voluntary codes and with internal policies and procedures to minimize business risk and to protect the reputation of the organization
- Fraud Investigations

  • Participation, where appropriate, in the Group Fraud Risk Management Framework
  • Participation in computer investigations providing technical expertise (including fraud, misconduct and malicious intent) in accordance with relevant IT policies
- Information Security Awareness

  • Establishes information security awareness throughout the organisation, ensuring that relevant training is mandated and rolled out

Skills / Qualifications:

Qualifications:


  • Degree in related business or equivalent years' experience
  • Recognised Information Security qualification (e.g. Security+ or CISSP) or equivalent knowledge
  • Technical certification in relevant Information Security controls (e.g. CCNA Security, Palo Alto ACE, etc) or equivalent knowledge

Knowledge, skills and experience:


  • Strong familiarity with governance and controls frameworks, such as COBIT, COSO, ITIL, ISO, CEP and NIST
  • Broad knowledge of IT, Information Security, and emerging trends
  • Detailed technical knowledge of Information Security operational controls
  • A sound understanding of security best practice and relevant international standards
  • Experience i
