CSRM COE IT Platform Assistant Manager
Unilever’s Cyber Security Risk Management (CSRM) organisation is a multi-disciplinary team. We have groups that engage with the business to provide security guidance and consultancy on Technology and Processes, teams that assess Risk, teams that assess security Controls and how they apply to IT Services, we run a Security Operations Centre 24x7 and have a team looking at, and landing, new technologies into our environment to improve our Cyber Defences.
The front face of our organisation is our Cyber Security Centre of Excellence (CoE) and in particular, it’s our IT Platform Engagement Team within the CoE that are the principle interaction point to our Global, Regional and Local IT Teams. This role will drive Engagements with our eCommerce, Go To Market, Customer Development & HR IT Platforms.
Here, we are recruiting a key member of this team, to oversee what’s in place today and to build and innovate with new ideas, to drive best-in-class Engagement on all aspects of Cyber Security pertaining to the IT Platforms listed above.
Key to the role is the ability to understand complicated IT initiatives and overlay Unilever’s Cyber Security requirements in such a way to ensure Unilever is kept Cyber Secure, whilst supporting Innovation and Growth in the business.
Within the scope of responsibilities, the IT Platform Analyst is responsible for;
- Partnering the IT Platform Teams for Enterprise Application global Platforms which includes Supply chain,finance, R&D & HR Platforms IT, in relation to all aspects pertaining to Cyber Security.
- Provide technical, internal security consultancy for all these IT Platforms, as well as direction on meeting regulatory controls posed by frameworks such as PCI-DSS.
- Understanding respective technology roadmaps for the functions stated above and being aligned with upcoming major projects and innovations.
- Working with the respective IT Platform Teams to ensure that key Information Security and Privacy Regulations are effectively recognised and understood - for example, ensuring that the General Data Protection Regulation (GDPR) is adhered to.
- Manage project and stakeholder expectations pertaining to CSRM processes.
- Developing a good working knowledge in relation to the Applications and Foundation Platforms being used within our Enterprise Application Platfroms & HR IT platforms.
- Understand key Cyber Security considerations in relation to these Applications and Platforms, including key Cyber Security Risks and Controls pertaining to SAP ERP , Automaton Factory and HR systems like as Workday.
- Understand Cloud security technology specially Azure and Google .
- Recognise the emerging trends Supply chain global technology and ensure Cyber security can implement new controls in order to secure the ever-changing landscape.
- In relation to the technologies above, building knowledge and understanding in relation to the IT Security controls around these products.
- Support our Enterprise Application IT includes supply chain , plan to forecast , Make , Finance , CORE ERP and Enterprise Business integration platforms
- Support our Automation Factory IT & HR IT organisations through relevant Cyber Security processes.
- Working closely with the Internal Compliance Secure by Design (SBD) Team, and the CSRM Risk Team.
- Support the Internal Compliance Team in ensuring identified Security Control gaps are understood and remediated in relation to new IT Services assessed through Internal Compliance SBD, along with in relation to established IT Services, assessed via the Threat and Vulnerability Management (TVM) Team.
Crown Jewels & KFAS
- Ensure oversight of the Priority IT Services, ensuring that any Control gaps or weaknesses are fully understood by the respective IT Platform and provide guidance on remediation.
Experience, Skills and Competencies
- Experience of working with Supply chain , Entrpise Application like SAP ERP & HR IT functions within a large organisation will be a particular advantage.
- A sound and broad knowledge of Information Technology, backed up by a number of years of relevant experience.
- Excellent communication and stakeholder management.
- Excellent time management, prioritisation of tasks and quality of delivery.
- Excellent influencing skills.
- An understanding and knowledge-base in relation to Cloud Security.
- Understanding of Information Security control frameworks (e.g. ISO27001, CIS20) and relevant Data Privacy Regulations (such as the European Data Protection Regulation (EU GDPR)) would be an advantage.
- Understanding of Cyber Security Risk Modelling would be an advantage.