IDT Security Digital Journey Security Advisory (Manufacturing/Supply Chain)

TYPICAL ACCOUNTABILITIES

• Deliver effective & responsive consulting services on all aspects of risk, IT Security and technology solutions to Business and IT stakeholders,
• Work with Programmes and Projects to provide advisory, design assurance and facilitating compliance with group’s IT security framework
• Work with business and IT stakeholders to drive improvements in IT Security Risk position, Cyber Threats mitigation and compliance level, build understanding and advocacy network of IT Security discipline across the organization,
• Work with architects and solution designers to incorporate appropriate security controls into end-to-end solutions
• Provide consulting to projects during the analysis, design and build phases of projects, such that the solution designs being deployed meet minimum standards and are aligned to BAT strategy
• Assess security adequacy of architecture & design of applications / infrastructure solutions
• Participate in the development, maintenance and communication of overall enterprise IT security strategy and architecture
• Build and maintain productive, collaborative relationships with stakeholders in IT and the business
• Acting as an enterprise level consultant on all aspects of IT Security

CORE RELATIONSHIPS

• This role will require an extensive network of stakeholders from across the IT and business functions, mainly from Manufacturing & Supply Chain area which may be at a Global, Regional or End Market levels.
• This role also requires particularly strong links with the all area of IT and Business
• 3rd Party Vendors – non-commercial supplier relationships focused on operational / project activities

SKILLS, KNOWLEDGE, EXPERIENCE

• In-depth knowledge and practice with business strategies, objectives, challenges and ways of working across following business functional domains Manufacturing/Supply Chain, R&D, New Generation Products, and geographical domains (Regions, Supply Chain Centers, Factories)
• In-depth knowledge and practical application of IT Security and IT risk management principles and concepts with experience in reviewing application / infrastructure security architecture and design in manufacturing area.
• Strong working knowledge of methods and best practice in compliance / risk management / IT Security with good understanding of the technical details of security threats and mitigating controls
• Strong knowledge of development, design and project management methodologies and experience in reviewing application / infrastructure security architecture and design
• Strong consulting and risk analysis skills, ability in problem solving, critical thinking and time management to drive balanced outcomes balancing business objectives with security risk and exposure,
• Knowledge of development, design and project management methodologies with strong technical security background and broad experience in IT system and applications development and demonstrable ability to apply security controls to mitigate security risks in business solutions. Experience in following systems classes: ERP/MES/MOM/LIMS/SCADA/PLC.
• Demonstrated experience translating the business impact of security risks into language that non-technical staff can understand
• Knowledge of industry security, risk management and assessment methodologies and standards and applying them in a large enterprise environment - eg. ISO 27000 series, NIST, OWASP, PCI DSS;
• Strong and technical skills and demonstrable experience in a least one discipline; e.g. Microsoft, Oracle, Cisco, SAP
• Thorough understanding of current and emerging IT and security technologies, security threats and trends
• Strong technical security background and broad experience in system and applications support
• Ability to put business challenges against proposals, and to assess their long-term business value.
• Experience of working in a complex geographical/functional matrix organization.
• Excellent written and communication skills including experience with an executive audience
• Education: Bachelor’s degree
• Professional certification in IT and Security preferred – e.g. CISSP, CCSP, CSSLP, GSEC, SABSA, MCSE
• 5 or more years of progressive IT Security, IT and architecture experience
• Time to 100% productivity: 3 months