Digital I&O Chapter Lead - Cyber Security

Digital & Technology Team (D&T) is an integral division of HEINEKEN Global Shared Services Center. We are committed to making Heineken the most connected brewery. That includes digitalizing and integrating our processes, ensuring best-in-class technology, and embedding a data-driven culture. By joining us you will work in one of the most dynamic and innovative teams and have a direct impact on building the future of Heineken!

Digital & Technology Team (D&T) is an integral division of HEINEKEN Global Shared Services Center. We are committed to making Heineken the most connected brewery. That includes digitalizing and integrating our processes, ensuring best-in-class technology, and embedding a data-driven culture. By joining us you will work in one of the most dynamic and innovative teams and have a direct impact on building the future of Heineken!
The Digital I&O Chapter Lead Cyber Security acts both as a line manager for chapter members as well as the thought leader for the chapters’ area of expertise. In doing so a Chapter Lead still remains part of a Product Team. The Digital I&O Chapter Lead Cyber Security actionize the strategic direction, policies, governance designed by GIS and controls to ensure the effective delivery of a high-quality Information Security service for HEINEKEN.

As a member of the TP&S Hub Cyber Security team, the Digital I&O Chapter Lead Cyber Security will be the subject matter expert for all matters around information security, be a member of incident response team in the event of a security breach and be one of the main contacts for OpCo stakeholders. In addition, the role holder has joint responsibility for Control processes including audit, security, business continuity and regulatory compliance across D&T.

Your responsibilities would include:

• Coordination of TP&S Hub Cyber Security team
- liaison with Heineken’s Global Information Security team to understand
Heineken Global strategy and ensure TP&S and OpCo strategy developed adheres to this alongside additional local legislative and business
requirements
- leading TP&S and Opco alignment with GIS through effective management of Information Security. Ensure that TP&S and OpCos are aligned to central GIS direction and actively influencing this direction with TP&S and OpCos feedback
- acting as a visible leader and subject matter expert within TP&S and OpCos, leading the promotion information security compliance and engagement across the business
- working basing on continuous feedback from D&T management teams and colleagues, recognizing criticality of delivery of IT Security services
- building high performing team in place with right skills and experience for now and future – measured through calibration outcomes, 360 and Climate
- taking responsibility for regional security approvals for access to existing IT solutions and performance of risk reviews for new implementations in order to maintain the highest level of security for TP&S and OpCos information and IT assets

• Security Operations
- implementing global security strategies to maintain the continuity of systems and update these based on local threats
- responsibility to manage updates related to OpCo Security Standards that are required due to local legislative requirements, in consultation with the relevant Global Information Security (GIS)
teams in line with HEINEKEN Security Strategy and supporting the HEINEKEN Business Strategy
- responsibility for local security approvals regarding global services(e.g. HeiNet), in order to maintain the highest level of security for the information and IT assets of the company
- assistin the global operational security team in the design of control/ standards and procedures that have broad implications, requiring systems integration of one or more technical platforms.
- perform Risk reviews using the risk management procedure for allnew local programs/services to be deployed in the OpCo operational environment and veto programs which do not comply
with HEINEKEN’s security standards
- monitoring internal and external information security and cyber security policy compliance, review and assess information security audits Performs, as per the prescribed frequency the Security Controls Effectiveness Assessment (SCEA) and ensures that all related evidence is available in support of the assessment
- monitoring and ensuri the timely closure of tasks related to audit and internal control issues raised by e.g. Global Audit, SCAR,etc.
- gaining approval from the relevant management team on that action plan and its related budget
- monitoring and reports on the execution of that actions plan, reporting locally to the local management team and centrally to the GIS / CDO team
- analyzing and challenge derogation requests regarding the ISP and TSPs that OpCos could have with a new solution or program and communicate same to the global security operations and risk management teams for approval in order to protect the HEINEKEN security environment
- driving resolution of cyber security incident responses and address security vulnerabilities
- performing/guiding/driving digital investigations upon the request of Local OpCo/ TP&S Hub /HR or Legal teams in case of breaches of HEINEKEN’s Code of Business Conduct
- identifying and perform independent analysis to resolve complex first-time issues including the analysis of technical and economic feasibility.

You are a good candidate if you have:

•  Bachelors or Master’s degree in Information Security or relevant subject

•  7+ years working experience in a similar environment

•  support for other CSOs

•  5+ years of experience of working in agile teams in multi-cultural environments

•  5+ years of working with senior business stakeholders, influencing and working with Operating Companies

•  experience of technical disciplines in relation to Information and Cyber Security management

•  experience of working with relevant standards such as ISO 27001, COBiT and relevant laws and regulations such as privacy laws including GDPR

•  experience of managing audit and control processes within a technology context Certification or formal training in ITIL

•  ability to work in a cross functional environment and preferably experience in FMCG Capable of managing multiple conflicting priorities and deadlines in a matrix environment with rapid change

•  good interpersonal skills, oral and written communication skills, relationship management and influencing skills

•  ability to build and leverage personal and professional networks

•  working within a local and global matrix context

•  strong attention to detail, independent judgment and decision-making

•  experience in self-developing through continuous learning, sharing best practice, knowledge and expertise.

Nice to have:

•  Certification in relevant IT Security discipline (e.g. CISA, CISM, CISSP, CEH)

We Offer: