Head - Information Security

Job Description :

The Head of Information Security is responsible for all Information Security areas on the TP/EBS Platforms and it's affiliated entities. You oversee and coordinate information security efforts across the company in order to safeguard the company's assets, infrastructure, security certifications, intellectual property and business continuity.

The role consists of managing the Information Security, as well as fulfilling the role of Information Security Architect. As such, you are responsible for embedding security within TP/EBS's product development and service delivery platforms and working on the ISM strategy together with the CISO.

Deliverables / Tasks

- Responsible for the development, implementation and management of the corporate security vision, strategy and programs in align with Group Security

- Consider, manage and develop an information security team with direct or dot reporting lines from various departments

- Establish and maintain information security standards and procedures in compliance with corporate and industry information security and risk management policies, standards and guidelines

- Alignment of Information Security Architecture with Ingenico company business and product development strategy

- Analyze the organization and system weaknesses and communicate the risks, vulnerabilities and potential consequences to relevant stakeholders, including CSO of Ingenico Group

- Ensure compliance to information security policies, coordinate the internal efforts and manage the external providers and auditors with the ISM team

- Review and approve security compliance for key infrastructure or applications when impacting the security level

- Serve as the enterprise focal point for security incident response planning and execution, including coordination of the communication in case of a security incident

- Support mediation of identified weaknesses

- Approve non-standard change requests and operate the core security components within the Ingenico CNP company security infrastructure

- Establish and execute formal certification programs and security standards relating to new applications or technology

- Develop and maintain enterprise-level security designs/policy to be used in development, infrastructure or any other technology projects

- Maintain and support the Information Security Testing program including process workflow, criteria setting, formal Information Security sign off

- Maintain and support the Secure Software Development program

- Work together with Information Security Risk and Compliance to embed CIA requirements, coming out of risk assessments, into the Information Security architecture

- Independently analyze proposed infrastructures architectures in order to determine appropriate security frameworks and models

- Develop and maintain information security architecture documentation

- Support security incident investigations with demonstrated in-depth knowledge of networks operating systems, intrusion detection systems, event logs and event correlation

- Support periodical examinations of computers, system logs, applications and networks security events

Critical Competencies

- High level of accountability

- Proactive and result driven

- Ability to work under pressure and having a flexible attitude

- Excellent communication skills, including the ability to persuade senior management and communicate information security concepts to both a technical and non-technical audience

- Ability to report to top management, abstracting technical complexity and providing to-the-point and exhaustive reporting

- Well-developed analytical skills and being accurate

- Team player

- Business-minded attitude

- Ability to plan, organize and coordinate

- Ability to thrive in a highly international, complex matrix environment

Significant role requirements

- University degree in IT or equivalent from relevant work experience

- A minimum of 3 years of experience in a similar role, with a strong focus in setting up security policies throughout the organization and in advising senior management with regards to security compliance and manage a team of professionals

- Fluent in English (word and writing)

- Preferably fluent in an additional language like French, Portuguese, Spanish, Chinese, German

- CISSP, CISM

- Proven experience in PCI-DSS

- Experience with ISAE 3402 and ISO27001

Technical Knowledge

Sound knowledge and experience in the following areas is a must:

Overall IT security engineering, with hands-on experience of a diverse range of security technologies:

- Access Control Systems and Methodology

- Communications & Network Security

- Webservers/Application/Database layers

- Cryptography (Encryption technologies & Key handling)

- Security Architecture Analysis

- Technology Related Business Continuity Planning (BCP) & Disaster Recovery Planning (DRP)

- Physical Security Considerations

Working Days : 5 Days a Week