Business Context and Main Purpose of the Job:

The main purpose of this role is to be responsible for effective operation of all vulnerability and threat assessments for Unilever; this also includes ensuring effective coverage of vulnerability assessment across Unilever assets and ensuring effective remediation.

- This role has an active participation in influencing risk management framework for any risks associated with vulnerabilities on a continuous improvement cycle.

Main Accountabilities:

- To lead and manage the IT security threats and vulnerabilities process, management and response.

- This includes being the key account holder for vulnerability tests commissioning, operations, escalations and reporting within the organization, timely and accurate response and advice to senior management and providing information for effective communication to appropriate authorities.

IT Security Threats & Vulnerabilities:

- Provide technical advice and subject matter expertise in information security across advanced persistent threats, threat positioning including advanced APT techniques, characteristics and protection of internal environments.

- Ensure effective reporting of metrics and scorecards for vulnerabilities particularly on Unilever's prime information assets

- Support overall threat assessment for Unilever as defined by the risk governance team

- Implements proactive measures/mechanisms for identification of new threats and vulnerabilities for emerging threats such as Social Engineering, Organised crime and fraud, state sponsored attacks, Phishing etc and also for existing threats under categories such as web application vulnerabilities, Third party IaaS, PaaS and SaaS vulnerabilities and those caused by malicious insiders.

- responds effectively to threats in understanding risk and response

- liaises with Security Incident team in managing various threats/vulnerabilities that become incidents

- scans external environment for remerging threats and maintain strong external awareness

- run regular penetration testing on annual basis for agreed IP assets

IT Security Incident Monitoring And Response:

- Effective use of incident management reporting capabilities, monitors, logging and other tools to ensure proactive identification of any threats or vulnerability issues

- Plan, manage and monitor Vulnerability Management (VMS) operations, capabilities management, delivery and scope

- Effective reporting of incidents and feed into risk assessment. This includes building a coherent story from a single or heterogeneous set of incident reporting and analysis tools. Build a consistent level of reporting across all SIEM tools to get a consistent dashboard.

- Tracks actions from incidents to closure. Manage and monitor incidents logging, right severity assigned to incidents, right workflow and right process to close the incident.

IT Security Communication And Awareness:

- This role should actively spearhead communication and awareness for advanced persistent threats.

- Communication aimed at aligning awareness campaigns to personal outcomes and delivering concise yet effective updates

- Analyse and report security aspects for appropriate steering groups for relevant programmes and or key projects

Process And Continuous Improvement:

- Propose and define positive improvements to existing processes across threat and vulnerability management from on-boarding of new assets to vulnerability scanning through remediation and decommissioning processes

APT Best Practices:

- Implement the detection and protection practices to help them identify and analyse systems with unusual activity

- Undertake Threat and Vulnerability analysis, data classification and network segmentation, monitor advanced rule managements under firewalls email gateways and security configurations for good hygiene and emerging threats.

- Increase and empower detection approaches under various dimensions including geographies, Egress traffic analysis and cloud based services.

Vendor & Supplier Management:

- Establish and manage security relationships with key partnersespecially in the emerging technology space such as APTs, reputation marking products and packet-level security technologies.

- Develop relationships with governing bodies such as Federal Bureau of investigation, Dept of Defense and European Union.

Essential:

- Experience in an IT Security threat and vulnerability detection or management role.

- Minimum 5 years Working knowledge in IT Security role with B2C IT solutions for customer and consumer

- Good communications background

- 5 to 8 years industry experience working at a middle management level in large complex business environment requiring balanced risk decisions, technology decisions, and management of stakeholder pressures

- Experience in handling highly sensitive and confidential business issues

- Vendor Management skills

- Ability to recreate incidents into vulnerability lapses so that staff know the appropriate response steps.

Implementing and managing IT Security Incident responses and thereby delivering positive outcomes and high trust to leadership.

This job opening was posted long time back. It may not be active. Nor was it removed by the recruiter. Please use your discretion.