Cyber Security IT Platform Senior Engagement Manager
Business Context and Main Purpose of the Role
Unilever’s Cyber Security Risk Management (CSRM) organisation is a multi-disciplinary team. We have groups that engage with the business to provide security guidance and consultancy on Technology and Processes, teams that assess Risk, teams that assess security Controls and how they apply to IT Services, we run a Security Operation Centre 24x7 and have a team looking at, and landing, new technologies into our environment to improve our Cyber Defences.
The front face of our organisation is our Cyber Security Centre of Excellence (CoE) and in particular, it’s our IT Platform Engagement Team within the CoE that are the principle interaction point to our Global, Regional and Local IT Teams. This role will take on the lead responsibility for our Engagements with our Consumer & Marketing IT, eCommerce IT, CD IT, HR IT and Workplace Services IT Platforms.
Here, we are recruiting a new leader of this team, to oversee what’s in place today and to build and innovate with new ideas, to drive best-in-class Engagement on all aspects of Cyber Security pertaining to the IT Platforms listed above.
Key to the role is the ability to understand complicated IT initiatives and overlay Unilever’s Cyber Security requirements in such a way to ensure Unilever is kept Cyber Secure, whilst supporting Innovation and Growth in the business.
Within the scope of responsibilities, the IT Platform Senior Engagement Manager is responsible for;
- Partnering the IT Platform Teams for Consumer & Marketing, eCommerce, CD, HR and Workplace Services, in relation to all aspects pertaining to Cyber Security.
- Being the principal point of Cyber Security internal consultancy for all of these IT Platforms.
- Develop a change in CyberSecurity mindset with IT Platforms, supporting them to build a better understanding and appreciation of Cyber Risk and driving a sense of CyberSecurity ownership with IT Platforms.
- Understanding respective technology roadmaps for the functions stated above and being aligned with upcoming major projects and innovations.
- Working with the respective IT Platform Teams to ensure that key Information Security and Privacy Regulations are effectively recognised and understood - for example, ensuring that PCI DSS is understood by all IT Platforms interacting with our DTC organisation.
- Manage project and stakeholder expectations pertaining to CSRM processes.
- Developing a good working knowledge in relation to the Applications and Foundation Platforms being used within our Consumer & Marketing, eCommerce, CD, HR and Workplace Services IT organisation.
- Understand key Cyber Security considerations in relation to these Applications and Platforms, including key Cyber Security Risks and Controls pertaining to Adobe, Shopify and Azure’s PaaS and SaaS environments.
- Recognise the developing Cloud (Iaas, PaaS and SaaS) environments being leveraged by these Platforms and support and advise the Platforms on how to securely leverage these opportunities.
- In relation to the technologies above, building knowledge and understanding in relation to the IT Security controls around these products.
Cyber Enterprise Risk Management
- Our CSRM Organisation is currently building a Cyber Enterprise Risk Modelling (CERM) Team, to better enable us and our business to recognise Inherent Risk, the Controls we have in place to mitigate that Risk and thus give us a sound understanding on Residual Cyber Risk in many areas of our business.
- The IT Platform Senior Engagement Manager will need to work closely with our CERM Team to help identify the effective engagement routes into our organisation, the capture of information to enable the Risk Modelling to take place, along with driving validation of the CERM model outcome.
- Support our Consumer & Marketing, eCommerce, CD, HR and Workplace Services IT organisations through relevant Cyber Security processes.
- Take a lead in funnelling new projects through to the Internal Compliance Secure by Design (SBD) Team.
- Support the Internal Compliance Team in ensuring identified Security Control gaps are understood and remediated in relation to new IT Services assessed through Internal Compliance SBD, along with in relation to established IT Services, assessed via the Threat and Vulnerability Management (TVM) Team.
Crown Jewels & KFAS
- Ensure oversight of relevant Crown Jewel and KFAS IT Services, ensuring that any Control gaps or weaknesses are fully understood by the respective IT Platform and provide guidance on remediation.
Experience, Skills and Competencies
- Experience of working with Consumer & Marketing, eCommerce, CD, HR and Workplace Services IT functions within a large organisation will be a particular advantage.
- A sound and broad knowledge of Information Technology backed up by a number of years of relevant experience.
- Experience within consumer goods, manufacturing or retail organisation would be preferable.
- Excellent communication and senior stakeholder management.
- Excellent time management, prioritisation of tasks and quality of delivery.
- An understanding and knowledge-base in relation to Cloud Security.
- Understanding of Information Security control frameworks (e.g. ISO27001) and relevant Data Privacy Regulations (such as European Data Protection Regulation (EU GDPR)) would be an advantage.
- Understanding of Cyber Security Risk Modelling would be an advantage.