MOAI Security Strategy & Risk Manager

Employer
Ericsson GmbH
Location
Subang Jaya, my
Salary
Competitive Salary
Posted
Feb 21, 2021
Closes
Mar 23, 2021
Ref
d08a7321090e
Job Role
Risk Manager
Sector
Finance
Contract Type
Permanent
Hours
Full Time
Background Check:All employment offers to join Ericsson are subject to satisfactory completion of our global pre-employment check.

As the tech firm that created the mobile world, and with more than 54,000 patents to our name, we've made it our business to make a mark. When joining our team at Ericsson you are empowered to learn, lead and perform at your best, shaping the future of technology. This is a place where you're welcomed as your own perfectly unique self, and celebrated for the skills, talent, and perspective you bring to the team. Are you in?

Come, and be where it begins.

Background:

MOAI has a team of security professionals supporting the business by setting the strategic direction for Information Security, IT Security, Privacy, Risk Management, Solution Security and Security Operations domains. The team provides support and guidance to all units in MOAI as well as other security and non-security functions cross Ericsson.

The MOAI Security Strategy & Risk Manager is overall responsible for ensuring that MOAI maintains order and uniformity in our Security Risks in line with Group Policies and Directives. Also, the MOAI Security Strategy & Risk Manager is responsible for maintaining a structured and proactive approach for strategy execution and driving the MOAI Security tactical plan.

The MOAI Security Strategy & Risk Manager reports to Head of MOAI Security.

Purpose of the Job:

The MOAI Security Strategy & Risk Manager is responsible in ensuring that we have a robust strategy/tactical plan developed and executed across all security domains. This function is also responsible for maintaining the MOAI security risk register in line with Group Directives. This role should ensure effective governance in MOAI and ensure security risks are managed and synchronized across all units in MOAI as well as with relevant stakeholders in all BAs/MAs/GFs. This role should ensure that risks are analyzed and categorized to make sure ISRA results can be presented to decision makers in a simple and comprehendible way.

This role belongs to JR 31184801 Security Management.

Responsibilities:

The MOAI Strategy & Risk Manager reports directly to the Head of Security MOAI and have the following responsibilities across the MA:
  • Drive and coordinate strategy and tactical plan development and execution cross all domains in MOAI Security, ensuring targets are achieved.
  • Support the Head of Information Security in MOAI with Information Security Risks Assessment (ISRA) process.
  • Prepare material for governance meetings, e.g. MOAI Security LT, across all units. Be the point of aggregation in MOAI Security.
  • Contribute to internal and external security assessments or audits.
  • Ensure severe incidents are followed up on in SMB and other governance meetings and were applicable record decisions taken is such form.
  • Drive and consolidate Security Improvement plan based on input from Risks, internal assessments, audits and ISMS maturity.
  • Actively promote a well-functioning risk management practice in the MA.
  • Follow up on all Risk Treatment Plans (RTP) and ensure execution.
  • Handle risk escalations towards Group and other MAs/BAs.
  • Manage MOAI exemptions including risk assessment and life-cycle of the exemptions.
  • Analyze and consolidate key risks and trends in risk assessments.
  • Quality assurance of risk assessments, e.g. ISRA - Information Security Risk Assessments, Privacy Impact Assessment (PIA), Business Impact Assessment (BIA), etc., and ensure data is aggregated to comprehendible decision material.
  • Proactively support in improvements, simplification and automation of security and privacy risk management.
  • Support the Head in Information Security in MOAI in ensuring that MOAI have the right level of ISMS implementation to be compliant with the ISO27001 standard.
  • Ensure high and very high risks are escalated and followed up on in MOAI Security LT and other meetings, and where applicable record decisions taken is such forms.
  • Ensure establishment and compliance of secure and appropriate storage, e.g. Eridoc, teams, Sharepoint etc.
  • An annual Tactical Plan for MOAI Security.
  • An annual Dashboard for reporting on the Tactical Plan.
  • MOAI Security LT presentation material.
  • Continuous tracking of risks and mitigations.
  • Continuous tracking of security exemptions.
  • Aggregated ISRA decision material.
  • Audit material.

Typical Interfaces
  • Line Manager: Head of MOAI Security
  • MOAI Security LT
  • Group Security
  • Enterprise Security Directors
  • Customer Security Directors
  • MOAI LT
  • MOAI Strategy, Marketing & Communications
  • MOAI compliance management
  • BA/MA/GF Security Risk peers
  • IT Security Risk function

Behavioral Competences
  • Adapting & responding to change
  • Adhering to Ericsson principles & values
  • Analyzing
  • Consultative approach
  • Coping with pressures & setbacks
  • Formulating strategies & concepts
  • Deciding and initiating action
  • Leading & supervising
  • Working with people
  • Delivering results and meeting customer expectations

Personal traits and skills
  • Uncompromising integrity
  • Excelling execution
  • Enabling people
  • Courageous leadership

To be successful in the role the requirements are:
  • • Strong knowledge in Ericsson Security Policies, Directives and Instructions & knowledge of Ericsson business environment
  • • Strong educational and work experience in IT and Information Security with minimum 10 years of hands on experience in these domains
  • • Knowledge of Information Security related standards and regulation, including ISO/IEC 27001, ISO27005, ISO 31000, SOC
  • Security and Risk Management training/certifications or equivalent experience
  • Ability to communicate and collaborate effectively
  • Strong problem-solving skills, results-oriented and a strong team player.
  • Knowledge of internal and external product portfolio related to security
  • Experience in project or program management
  • Experience in customer presentations and negotiations
  • Fluent in English (verbal and written)
What's in it for you?
With over 90,000 employees across 180+ countries, we have a culture that respects and supports your ambitions, in alignment with our values of Respect, Professionalism and Perseverance. Ericsson is very passionate about learning and development, supports mobility and flexible working hours. We are also committed to diversity and inclusion and to be a responsible and relevant driver of positive change. We also offer some awesome benefits, amazing career development and training programs to provide an empowered career in a connected world.

Every year, more than 10,000 organizations from over 60countries partner with the Great Place to Work® Institute for assessment, benchmarking and planning actions to strengthen their workplace culture. Great Place to Work® Institute's methodology is recognized as rigorous and objective and is considered as the gold standard for defining great workplaces across business, academia and government organizations.Ericsson Malaysia and Singapore has been Great Place to Work - Certified™ in 2020.
What happens next once you apply?
What happens next once you apply? Read about the next stepshere

For your interview preparation, here are a few"Tips&Tricks" from our recruiters

Ericsson is continuing to hire for all open roles with all interviewing and on-boarding done virtually due to COVID-19. Everyone new to the team, along with our current staff, will temporarily work from home until it is safe to return to our offices.

Do you believe that an organization fostering an environment of cooperation and collaboration to execute with speed creates better business value? Do you value a culture of humanness, where fact based decisions are important and our people are encouraged to speak up? Do you believe that diverse, inclusive teams drive performance and innovation? At Ericsson, we do.

We provide equal employment opportunities without regard to race, color, gender, sexual orientation, transgender status, gender identity and/or expression, marital status, pregnancy, parental status, religion, political opinion, nationality, ethnic background, social origin, social status, indigenous status, disability, age, union.