The Information Security Manager will combine technical expertise and strategic thinking to create and drive innovative strategic, technological and operational solutions that effectively mitigate Nouryon-wide cyber risk to an acceptable level. The IT Cybersecurity expert will be part of a global IT organization that supports all businesses, functions and country organizations. Our mission is to provide fit for purpose and effective IT services to help exceed our company ambition and grow talent and capabilities within the organization. Central to our success is a sophisticated strategy and structure, delivered via a diverse and flat organizational structure that enables an agile and flexible approach.
- Management of the Information Management (IM) related Cyber Portfolio.
- Act as Information Manager towards the Office of the Chief Information Security Officer (CISO) and translate the Cyber Program into IM related demand and projects.
- Act as Program Manager for the implementation of IM Cyber related projects.
- Define IM standards, policies, procedures and controls within the Cyber domain.
- Create, maintain and implement the IM related cyber security framework, including policies, standards, procedures and controls (embedded within the IM Operating Model). Assess and manage the IM cyber risks.
- Actively manage IM cyber risks, including driving and monitoring remediation actions.
- Contribute to the continuous employee cyber security awareness program executed by the Office of the CISO.
- Facilitate creation of IM services to support the security awareness program.
- Monitor and report on compliance with IM cyber security controls while identifying areas for improvement.
- Drive projects to make improvements.
- Report status on the basis of KPIs to stakeholders (such as IM and the CISO).
- Detection, response and recovery from cyber security incidents.
- Be an active member in case of major incidents.
- Support the cyber security incident management process.
- Manage the relationship with the SOC (managed service).
- Define and report on relevant KPIs.
- Support the creation of the Security Architecture.
- Support the Enterprise Architects in creating the Enterprise Architecture for the Cyber domain.
- Support specific cyber security-related investigations requested by the Office of the CISO.
Education & Experience
- Master’s degree in Business Management, Computer Science, Computer Engineering, Mathematics, or a related field of study.
- Eight to ten years of work experience in IT, including several years in IT Security (e.g., CISM or CISSP).
- Experience defining policies and control frameworks (NIST CSF, ISO27001, COBIT).
- Experience managing cyber security risks including security incident management.
- Experience working with suppliers including outsourced SOC providers.
- Experience with driving change and transformation, managing large projects (agile & waterfall), and managing teams of experts (directly/indirectly).
Knowledge, Skills & Abilities
- Broad knowledge of IT Governance and Information Security issues (e.g., COBIT, ISO27001).
- Deep knowledge of the relevant technical aspects of information security. Highly experienced with applicable IT Governance frameworks and market standards.
- Knowledge of cyber security in the process industry (OT / ICS) and relevant standards like IEC 62443.
- Knowledge of the business processes in the manufacturing industry/IT.
- Able to explain relevant issues to non-information security specialists.
- Skilled at change management.
- Strong knowledge of security programs, including their implementation and management.
- Excellent communication, persuasion and presentation skills. Ability to communicate effectively on leadership level and to technical teams.
- Willingness and desire to innovate and continuously improve.
- Able to communicate fluently in English, both verbally and in writing.