IT Security Control & Policy Expert

Bucharest, RO

Vodafone

Vodafone is a leading technology communications company in Europe and Africa, keeping society connected and building a digital future.


Your day to day

  • You will be responsible for the implementation, monitoring and compliance of ISO27001 on-premises & Cloud controls (Information security, cybersecurity and privacy protection standard) in accordance with the CHARM controls framework within VCI organisation. The Privacy area encompasses the implementation & monitoring of GDPR controls across VCI (e.g. Security Baseline, Third party Security Compliance, Security & Privacy by Design).
  • You will ensure the over-arching technical implementation and fulfillment of the related controls and policies. This role will ensure that all technical requirements are met to reach CHARM, GDPR & ISO27001 compliance, and will provide support during Group internal or external audits as the focal point of contact inside the organization. The role will enable Vodafone to demonstrate compliance both to VF Group & Local market policies and to international standards like SOX, ISO/IEC and ISO/IEC 27001.
  • The purpose of this role is to safeguard Vodafone infrastructure & reduce potential cyber risks to an acceptable level. The 2 areas are critically connected, as cybersecurity underpins the critical infrastructure that protects data, thereby safeguarding personal information and building the “trust by design” concept.
  • This role will closely interact with Group Cyber Security functions as well as all infrastructure and application operations teams on the implementation and testing of the controls and policies. The role should be able to engage in technical conversations on Data Centre components with application and service owners to report potential security risks or gaps to the management, highlighting possible and existing control & compliance issues and eventually developing and implementing action plans for addressing them within given compliance milestones.

With these activities you will have a great impact on our business:

 

  • You will drive and ensure full compliance with cyber security controls and policies across the complete scope of the organization (Vodafone Cloud & Infrastructure)
  • You will be end to end responsible for the implementation, monitoring and compliance of ISO27001 & GDPR controls
  • You will implement and maintain in collaboration with Group Privacy the Personal Data Processing Register (PDPR)
  • You will perform regular awareness sessions on CHARM, GDPR, ISO27001, security/hygiene/golden rules
  • You will be responsible for achieving the required compliance (coverage and adequacy) targets within VCI for on-premise controls, Cloud controls and GDPR privacy regulatory controls
  • You will review security documents (Detailed Requirements, T2/T3 level documents) and ensure proper alignment and collection of requirements from impacted stakeholders
  • You will be responsible for timely delivery of evidence
  • You will be responsible for status reporting
  • You will be responsible for risk assessments
  • You will be responsible for continuous improvement of the processes to obtain a simple and efficient lifecycle

With these skills you are a great candidate:

  • You have 5+ years’ experience in ISO27001 processes and controls
  • You have 2+ years’ work experience in GDPR processes and controls
  • Broad background in IT / Data centre technologies (Server/Compute, Storage, Database, Network, private/public cloud)
  • Industry-standard premium qualifications like ITIL v3 Expert, ISO/IEC 27001 Lead Auditor, ISACA Certified Information Security Manager, ISACA Certified Information Security Auditor
  • Extensive experience in and understanding of security compliance
  • Solid knowledge about ITIL Processes
  • Experience in Risk management
  • Experience in governance management and collaboration with multiple customers
  • Candidates with Certifications in ISO27001 LA/LI, CISM, CISA will be preferred.
  • General background of IT service & security management
  • Proven experience in handling PCI-DSS, GDPR, ISO 9000 /27000 implementation and audits
  • Understanding of ITIL and Agile methodologies

Sounds like the perfect job? We’ve got even more to offer:

  • Work from Home – hybrid approach
  • Medical and dental services
  • Life and hospitalization insurance
  • Dedicated employee phone subscription
  • Special discounts for gyms and retailers
  • Annual Company Bonus
  • Ongoing Education – we continuously invest in you to ensure you have everything needed to excel on the job and enhance your skills
  • You get to work with tried and trusted web-technology
  • Getting in on the ground floor of a technology changing company
  • We let you write your own story by planning vacations: go for a trip, experience new things, have fun and enjoy your 23 days off.
  • Special Paternal Program - 4 months of paid paternity leave

#VOIS


Tags: Agile Audits CISA CISM Cloud Compliance GDPR Governance ISACA ISO 27001 ITIL Monitoring Privacy Risk management SOX

Perks/benefits: Health care Medical leave Salary bonus Team events Travel

Region: Europe
Country: Romania
