IT Security Services Lead
- Reference Number
- ADV1764
- Closing date for applications
- 20 March 2014
- Country
- Various
- City
- Function/Discipline
- Global IT
- Employment Category
- This is a permanent role
- This role is offered on local conditions
- Working Hours
- Full/Part-Time
- Full Time
- Number of Roles Available
- 1
- Salary
- Commensurate with Experience
IT Security Services Lead
Position Summary
The BG Group information security operations organization is currently outsourced to a Managed Security Services Provider (MSSP), under a framework comprised of circa fifteen (15) different service lines, ranging from Compliance and Assurance to Identity & Access Management, Threat Vulnerability Management and Cyber Incident Response.
The Managed Security Services (MSS) Lead provides support to the MSS Service Owner in the day-to-day activities of the information security operations of the Group, including services delivered by the MSSP and also other third parties.
The support provided is two-folded:
- Technical: formulating or reviewing recommendations on the design or operations of security service lines; and
- Operations: ensuring suppliers adherence to the contract schedule (or relevant SOW) and SLAs, quality of services and timely response to requests/incidents.
As a member of Global IT, collaborates with peers to deliver the programme of work and expected service levels as agreed with the business.
Demonstrates commitment to the BG behaviors.
The Managed Security Services (MSS) Lead provides support to the MSS Service Owner in the day-to-day activities of the information security operations of the Group, including services delivered by the MSSP and also other third parties.
The support provided is two-folded:
- Technical: formulating or reviewing recommendations on the design or operations of security service lines; and
- Operations: ensuring suppliers adherence to the contract schedule (or relevant SOW) and SLAs, quality of services and timely response to requests/incidents.
As a member of Global IT, collaborates with peers to deliver the programme of work and expected service levels as agreed with the business.
Demonstrates commitment to the BG behaviors.
Key Accountabilities
Acts as primary Subject Matter Expert (SME) and point of contact for the following service lines: Threat & Vulnerability Management, Identity & Access Management and Security Operations Centre & Incident Response.
Monitors achievement of milestones as per the MSS Contract Management Plan (and/or specific security projects). Notifying the MSS Service Owner of potential non-compliance elements before these occur so that compensating actions may be implemented.
Agrees or disagrees on MSSP recommendations or proposed actions for p1 and p2 tickets. Escalates promptly to the MSS Service Owner incidents that may impact BG Group's operations, reputation or safety of personnel.
Reviews outputs from the MSSP providing SME input to the evaluation of potential impacts and recommendations.
Report violations of compliance or regulatory standards to stakeholders as appropriate or required.
Ensuring the Supplier complies with all Company standards and conduct annual review/audit for the India Security Operations Centre (SOC).
Conducts periodic internal reviews or audits to ensure that compliance procedures are followed. Additionally the individual will also test controls, review outcomes from audit and agree on controls, assess effectiveness of controls and review remediation logs and trackers, supporting the Global IT IT Risk & Compliance team.
Monitors achievement of milestones as per the MSS Contract Management Plan (and/or specific security projects). Notifying the MSS Service Owner of potential non-compliance elements before these occur so that compensating actions may be implemented.
Agrees or disagrees on MSSP recommendations or proposed actions for p1 and p2 tickets. Escalates promptly to the MSS Service Owner incidents that may impact BG Group's operations, reputation or safety of personnel.
Reviews outputs from the MSSP providing SME input to the evaluation of potential impacts and recommendations.
Report violations of compliance or regulatory standards to stakeholders as appropriate or required.
Ensuring the Supplier complies with all Company standards and conduct annual review/audit for the India Security Operations Centre (SOC).
Conducts periodic internal reviews or audits to ensure that compliance procedures are followed. Additionally the individual will also test controls, review outcomes from audit and agree on controls, assess effectiveness of controls and review remediation logs and trackers, supporting the Global IT IT Risk & Compliance team.
Every individual has a duty to both themselves and those around them to ensure that safe practice is adhered to at all times. In addition to any specific accountabilities for HSSE, all employees are accountable for ensuring that they take care of themselves and adopt exemplary safe behaviours.
Unique Knowledge, Skills, Experience and Attribute
Experience Needed:
Experience in large Information Security Transformation programmes, as a project lead or technical SME.
Experience in working in a multi-vendor IT supplier ecosystem.
Demonstrated Vendor / Relationship Management experience delivering high reliability services.
Significant experience of Security Incident Management at company wide level dealing with significant security events. Experience in SIEM solution implementation and operations.
Practical experience of using ITIL / COBIT to deliver improved security services.
Experience in creating a win-win relationship when doing Vendor / Stakeholder Management.
Experience in working in a multi-vendor IT supplier ecosystem.
Demonstrated Vendor / Relationship Management experience delivering high reliability services.
Significant experience of Security Incident Management at company wide level dealing with significant security events. Experience in SIEM solution implementation and operations.
Practical experience of using ITIL / COBIT to deliver improved security services.
Experience in creating a win-win relationship when doing Vendor / Stakeholder Management.
Knowledge, Languages, Skills and Attributes:
Preferably educated to degree level in either an IT related subject or a specific business functional discipline (e.g. earth sciences, engineering etc), however experience will be considered.
CISSP or CISM qualification.
Detailed knowledge of ITIL v3 (minimum Foundation Level) and/or ISO27001/27002.
Project Management skills, Prince 2 or similar.
Skillful Risk/Return analysis to balance risk, cost and return
Flexibility to adapt and compromise.
Contributes new thinking to the broader organisation
Planning, communication and presentation skills
Quality management.
Works in compliance with BG Business Principles, Policies and Standards.
Supports others to develop to maximum effectiveness.
CISSP or CISM qualification.
Detailed knowledge of ITIL v3 (minimum Foundation Level) and/or ISO27001/27002.
Project Management skills, Prince 2 or similar.
Skillful Risk/Return analysis to balance risk, cost and return
Flexibility to adapt and compromise.
Contributes new thinking to the broader organisation
Planning, communication and presentation skills
Quality management.
Works in compliance with BG Business Principles, Policies and Standards.
Supports others to develop to maximum effectiveness.
Special Features:
Whilst not frequent, travel may be required to BG Asset locations.
Additional Information for External Candidates
BG Group values diversity and is committed to equal opportunities; applications are welcome from all suitably qualified candidates.
Please note that after the closing date you will no longer be able to apply for the vacancy. The specific time of closing is midnight UK time on the date displayed. BG Group also reserves the right to close vacancies before the advertised closing date without prior notice.
Post a Comment