Location: Thailand / India / Malaysia / Vietnam / Philippines / Singapore / Indonesia / Australia / Myanmar
*Not a relocation role
Open for External Reference: Yes
Our Exciting Opportunity:
MOAI has a team of security professionals supporting the business by building the strategic direction for Information Security, IT Security, Privacy, Risk Management, Solution Security and Security Operations domains. The team provides support and guidance to all units in MOAI and other security and non-security functions across Ericsson.
The MOAI Security Strategy & Risk Manager has overall responsibility for maintaining order and uniformity in our Security Risks in line with Group Policies and Directives. The MOAI Security Strategy & Risk Manager is also responsible for maintaining a structured and proactive approach for strategy execution and driving the MOAI Security tactical plan.
This role reports to Head of MOAI Security.
Purpose of Job Role:
The MOAI Security Strategy & Risk Manager is responsible for ensuring that we have a robust strategy/tactical plan developed and driven across all security domains. This function is also responsible for maintaining the MOAI security risk register in line with Group Directives. This role should ensure effective governance in MOAI and ensure security risks are handled and synchronized across all units in MOAI as well as with relevant stakeholders in all BAs/MAs/GFs. This role should ensure that risks are analyzed and categorized to make sure ISRA results can be presented to decision makers in a simple and comprehensible way.
Responsibilities
The MOAI Strategy & Risk Specialist reports directly to the Head of Security MOAI and has the following responsibilities across the MA:
Drive and coordinate strategy and tactical plan development and execution across all domains in MOAI Security, ensuring targets are achieved.
Support the Head of Information Security in MOAI with the Information Security Risk Assessment (ISRA) process.
Prepare material for governance meetings, e.g. MOAI Security LT, across all units. Be the point of aggregation in MOAI Security.
Contribute to internal and external security assessments or audits.
Ensure severe incidents are followed up on in SMB and other governance meetings and, where applicable, record decisions taken in such form.
Drive and consolidate the Security Improvement plan based on input from Risks, internal assessments, audits and ISMS maturity.
Follow up on all Risk Treatment Plans (RTP) and ensure execution.
Manage MOAI exemptions including risk assessment and life-cycle of the exemptions.
Quality assurance of risk assessments, e.g. ISRA – Information Security Risk Assessments, Privacy Impact Assessment (PIA), Business Impact Assessment (BIA), etc., and ensure data is aggregated to comprehensible decision material.
Proactively support improvements, simplification and automation of security and privacy risk management.
Support the Head of Information Security in MOAI in ensuring that MOAI has the right level of ISMS implementation to be aligned with the ISO27001 standard.
Ensure high and very high risks are called out and followed up on in MOAI Security LT and other meetings.
Deliverables
An annual Dashboard for reporting on the Tactical Plan.
MOAI Security LT presentation material.
Continuous tracking of risks and mitigations and security exemptions.
Aggregated ISRA decision material, Audit material.
Typical Interfaces
Line Manager: Head of MOAI Security, MOAI Security LT and Group Security
Customer Security Directors, MOAI LT
MOAI Strategy, Marketing & Communications
MOAI compliance management, BA/MA/GF Security Risk peers
IT Security Risk function
Qualifications and Experience
Solid understanding of Ericsson Security Policies, Directives and Instructions & knowledge of Ericsson business environment
Strong educational and work experience in IT and Information Security with minimum 10 years of hands-on experience in these domains
Knowledge of Information Security related standards and regulation, including ISO/IEC 27001, ISO27005, ISO 31000, SOC
Security and Risk Management training/certifications or equivalent experience
Knowledge of internal and external product portfolio related to security
Why Join Ericsson?
At Ericsson, you’ll have an outstanding opportunity. The chance to use your skills and imagination to push the boundaries of what’s possible. To build never-seen-before solutions to some of the world’s toughest problems. You’ll be challenged, but you won’t be alone. You’ll be joining a team of diverse innovators, all driven to go beyond the status quo to craft what comes next.
What Happens once you apply?
Click Here to find all you need to know about what our typical hiring process looks like.
Encouraging a diverse and inclusive organization is core to our values at Ericsson; that's why we nurture it in everything we do. We truly believe that by collaborating with people with different experiences we drive innovation, which is essential for our future growth. We encourage people from all backgrounds to apply and realize their full potential as part of our Ericsson team.
Background Check: All employment offers to join Ericsson are subject to satisfactory completion of our global pre-employment check.
We are proud to announce Ericsson SG has again been officially Great Place to Work Certified™ in 2022. Every year, more than 10,000 organizations from over 60 countries partner with the Great Place to Work® Institute for assessment, benchmarking and planning actions to strengthen their workplace culture, and this Certification acknowledges our employees value their employee experience and our workplace culture.