Unilever - Information Security Functional Platform Manager

Role: Information Security Functional Platform Manager

Function: Information Security

Reports to: Secure by Design Director

Coverage: Global

Location: Bangalore

Business Context and Main Purpose of the Role

Unilever's Information Security Team is a multi-disciplinary team made of groups that assess the security of new IT Solutions, land new Security technologies into our environment to protect our information and assets and groups that run the Security Operations Centre that constantly monitors the security of our estate and its boundaries.

It is our Secure by Design Team that assess the security of new IT Solutions and it is within this team that we are recruiting for an individual to partner our Core Business Operations and Information & Analytics (I&A) IT Platforms.

The individual will require a good level of knowledge and understanding of the technologies used by the Core Business Operations and Information & Analytics organisation and be able to understand and ensure compliance to the Unilever Information Security framework. Partnering the Platform Directors and their teams, the individual will be able to explain key security considerations when considering the current and future Platform landscape for the respective functions.

Key to the role is the ability to understand complicated IT initiatives and overlay Unilever's information security requirements, communicating the requirements in a clear and consistent manner to project stakeholders. Rigour and depth of security assessment must be balanced against the needs of the IT Organisation - practicality and pragmatism are paramount to the effectiveness of this role.

Main Accountabilities

Within the scope of responsibilities, the Information Security Functional Platform Manager is responsible for;

Engagement

- Partnering the IT Platform Directors and their teams for Global Supply Chain, Global Finance, Core ERP and I&A in relation to all aspects pertaining to Information Security.

- For platforms leveraging SAP, forging a close working relationship with the Solution and GRC Director, who oversees the Security of our SAP estate.

- Understanding respective technology roadmaps and being aligned with upcoming projects and innovations.

- Keeping close alignment with the Enterprise Architects associated to the Functional Platforms stated above, in relation to the Information Security context of EA's work.

- Working with the respective IT Platform Teams to ensure that key Information Security and Privacy Regulations land effectively there-in, for example, ensuring that the General Data Protection Regulation (GDPR) and PCI Compliance are adhered to.

- Strong engagement with Privacy, Vendor Relationship Management and Info Sec Ops Team to keep them abreast of developments within the Functional Platforms stated above.

Technology Awareness

- Continually develop a strong knowledge in relation to the Applications and Foundation Platforms being used within our Global Supply Chain, Global Finance, Core ERP and I&A organisation.

- Understand key Information Security considerations in relation to these Applications and Platforms, including key themes around Info Sec pertaining to Cloud Services.

- Understand key Information Security considerations in relation to the SAP landscape.

- Understand key Information Security considerations in relation to I&A (Business Intelligence) technologies, for example, Azure Data + Analytics landscape and Tableau.

- Provide guidance and expertise to the Platforms in relation to Mobile Application security, as we innovate more solutions to be consumed through mobile devices.

- In relation to the technologies above, building knowledge and understanding in relation to the IT Security controls around these products.

- Understand how Information Securities own Foundation Technologies are applied to the Functional Platforms stated above.

Secure by Design

- In relation to the Engagement and Technology Awareness listed above, supporting our Global Supply Chain, Global Finance, Core ERP and I&A organisations through relevant Information Security processes.

- Support the projects in meeting requirements from Information Security compliance and provide support in relation to sign-off prior to go-live of the projects.

- Manage any non-compliance to Information Security requirements and ensure that the impacts and risks are documented, managed and understood by key stakeholders.

- Establish governance regime with Platform lead to ensure visibility of security issues/risks driven via KPI & metrics.

- Ensure that compliance KPI for platforms are available and that these are shared with platform teams including ownership for resolving issues.

- Work with the Information Security to look at opportunities to improve our operational processes.

Crown Jewels & Personal Data

- Take joint responsibility with platform teams for the Crown Jewels, keeping close alignment with Platform Directors in relation to identifying, assessing and ensuring such systems are kept secure.

- Lead remediation activities across platform team to ensure appropriate compliance levels, with regular reviews and health assessments in place.

- Support the identification of Personal Data assets and establish, alongside Global Data Governance Team and wider Info Sec Team, a data discovery process for ongoing risk evaluation.

Team Management and Development

- Responsible for the management of two Information Security Analysts associated to the Functional Platforms mentioned above.

- Responsible for the professional development of these two resources.

- Take an active leadership role in Information Security, as a senior manager, leading opportunities to advocate the team, embed Info Sec more deeply into the Tech 2.0 agenda and being part of Info Sec's success.

Skills and competencies

- Excellent communication and senior stakeholder management.

- Proven ability to influence others, especially outside of an Information Security audience.

- Excellent time management, prioritisation of tasks and quality of delivery.

- Managing geographically distributed teams.

- An understanding and knowledge-base in relation to a quorum of technologies identified above.

- An understanding and knowledge-base in relation to Cloud (PaaS and/or SaaS) solutions.

- Understanding of Information Security control frameworks (e.g. ISO27000) or relevant Data Regulations (such as European Data Protection Regulation or EU GDPR) would be an advantage.

Relevant experience

- Experience of working within an IT function partnering Global Supply Chain, Global Finance, Core ERP and/or I&A (Business Intelligence) functions within a large organisation will be an advantage.

- A sound and broad knowledge of all, or a subset, of the technologies highlighted throughout this role profile.

- The applicant should have either have worked within Information Security, or have experience and knowledge partnering, working alongside or in alignment with an Information Security.