AB-In Bev - Manager - Data Encryption (10-17 yrs)
Data Encryption Manager
Job Title : Data Encryption Manager
Role Band : V-B (Senior Manager)
Location : GCC, Bangalore
Reporting to : Global Lead- Data Privacy & Protection
PURPOSE OF ROLE :
- The Data Encryption Manager (DEM) role will work very closely and operationally report to Global Director, Security & Compliance - Data Protection.
- In addition, DEM Manager role will administratively report to Global Lead
- Data Privacy & Protection out of GCC, India.
- He/she will lead the Governance of the DEM capability and work with various stakeholders i.e. Global Data Privacy Director, Global Legal and Global & Zonal Solution team to ensure that the solution is delivered.
- The Objective is to have security & technical skillset and operational knowledge to operate and monitor tools for implementing, ensuring and improving Data encryption solution on a continuous basis.
- Should be able to work in a dynamic culture and demonstrate ownership capabilities to design and implement methodology and drive various projects/initiatives till closure with due quality.
KEY TASKS AND ACCOUNTABILITIES :
Strategic Responsibilities :
- Lead and execute technology roadmaps for the Data Loss Prevention tools to ensure they are managed and evolved to support the changing threat landscape and business demands.
- Define and establish policies and procedures for effective and efficient data loss prevention measures.
- Deploy relevant Data encryption solution as part of Data Protection methodologies, approaches, practices and standards to ensure the achievement of high levels of quality and compliance.
- Work with Global team members in terms of demand sizing and delivery.
- Drive ABI culture and principles in Security & Compliance function and should be face of Compliance team
- Provide regular update to senior leadership within GCC and Business and support to implement action plan
- Be always ready to take up specific and highly sensitive assignments as directed by Senior Leadership team
- Need to have strong negotiation skills and trigger right level of escalations to manage stakeholders
- Well versed with planning and budgeting. Should have control over the spend of compliance budget
- Ensure improvement opportunities are aligned to Leadership and translated into actionable as part of continuous improvement
Tactical/Operational Responsibilities :
- Ensure deployment of adequate Data encryption solution with specific consideration to the challenge of protecting data and preventing data loss as external devices, removable media, and web applications are more often becoming a part of daily business procedures
- Well versed with the encryption techniques like Symmetric Encryption, Asymmetric Encryption and hashing.
- Should be able to lead deployment of various Data Encryption solution i.e. encryption of devices, email, and database etc. leveraging Office 365 encryption capabilities
- Configure, update and enhance Data Loss Prevention dashboards to ensure KPI related to data encryption are tracked and monitored.
- Ensure data is secured by auto-encryption even after it leaves the organization in order to prevent and safeguard sensitive information leaving the organization.
- Review existing Data Loss Prevention security configurations & implementations and oversee the regular update of settings to ensure that solution automatically warn, block, and encrypt sensitive information based on message content and context, such as user, data class, and recipient.
- Provide direct operational support to scale Data encryption solution to geographic Zones and evolve their Data Loss Prevention maturity levels
- Coordinate tactical mitigation of Data Loss Prevention threats and incidents across multiple Zones including closure as per defined timelines
- Provide workshops and prepare user guides to ensure that Zones are informed on how best to configure and employ Data encryption technology comprising the AB-InBev Security ecosystem
- Demonstrates the ability to execute and operationalize strategy based on business demands, and industry insights, direction, vendors, methods and technical domain leads
- Can demonstrate ability to manage multiple complex technical data loss prevention projects at any one time.
- Support the effective governance of Security & Compliance activities and outputs
- Identify, escalate and mitigate risk of data loss/theft that could impact ABI's operations, customers or vendors.
- Support managing of case based, high criticality security incidents
BUSINESS ENVIRONMENT :
- Main Characteristics: Challenges (People Team, PBS, Business managers, Associated vendors)
Geographical Scope :
- ABI is a zonally structured organization with a functional zone that provides a Global Head Quarters (GHQ) capability, which leads best practice and strategy.
- The additional zones are split into the following geographical groupings :
- Asia Pacific
- Middle Americas
- North America
- South America
Key Dimensions and Contacts :
- Within each zone and GHQ there is a Solutions organization which runs IT and Business services activity.
- This specific role resides in the GHQ Solutions Security & Compliance team and will need to interact with Security and Operations functions within each zone, and in GHQ
Evaluation Criteria (Targets) : The role does not have any direct reports; however, it does require matrix management of resources across the globe to achieve strategic objectives, and will require the ability to operate across all geographies to tactically execute and operationalize the Global Data Protection strategy across the AB-InBev landscape and initiatives.
QUALIFICATIONS, EXPERIENCE, SKILLS :
Level of educational attainment required : BE/B Tech/MCA in IT, Computer Science or Electronics and Communication or similar qualification
Professional qualifications and accreditations/memberships required :
a. One or more certifications in the following: ISO 27001, CCSA, CISSP, SSCP, CEH, CISM or equivalent.
b. Basic knowledge in security industry regulations/standards (Payment Card Industry (PCI DSS), HIPAA, Gramm-Leach-Bliley Act (GLBA), General Data Protection Regulation (GDPR)) and compliance frameworks (NIST, CSA, CIS)
Previous work experience required :
a. 6-8 plus years of experience related to design and implementation of information security controls, policies, procedures. Exposure in implementing and operating data loss prevention (DLP) programs including Data encryption solution would be preferred.
b. Experience and maintaining DLP capabilities from Symantec, Digital Guardian, TITUS, Microsoft Office 365, Amazon, Google, Vera, Netscope, Zscaler, etc.
c. Has defined, implemented and maintained data encryption solution as part of Data loss prevention programs with 3rd parties to ensure solutions delivered are to optimum quality.
Language skills required :
- Advance level of English
- Strong interpersonal skills
- Effective Communication skills
IT skills required :
- Knowledge on Office 365 capabilities, managing communication tools, (e.g. SharePoint, e-learning, and security tools) to create interactive communication plan
Differentiate between essential, desirable, and less relevant technical competencies.
Behavioral Competencies :
- Ability to deliver solutions in a globally distributed matrix organization with competing demands.
- Ability to communicate with all levels of management with conviction.
- Positive attitude with zeal to work in dynamic environment.
- Go getter attitude
Interpersonal Expertise :
- Ability to build strong relationships and work cross functionally with internal and external stakeholders across multi geographies