JOB TITLE: Security Engineering Manager

LOCATION: UniOps, Bangalore

ABOUT UNILEVER:

Be part of the world’s most successful, purpose-led business. Work with brands that are well-loved around the world, that improve the lives of our consumers and the communities around us. We promote innovation, big and small, to make our business win and grow; and we believe in business as a force for good. Unleash your curiosity, challenge ideas and disrupt processes; use your energy to make this happen. Our brilliant business leaders and colleagues provide mentorship and inspiration, so you can be at your best. Every day, nine out of ten Indian households use our products to feel good, look good and get more out of life – giving us a unique opportunity to build a brighter future.

Every individual here can bring their purpose to life through their work. Join us and you’ll be surrounded by inspiring leaders and supportive peers. Among them, you’ll channel your purpose, bring fresh ideas to the table, and simply be you. As you work to make a real impact on the business and the world, we’ll work to help you become a better you.

ABOUT UNIOPS:

Unilever Operations (UniOps) is the global technology and operations engine of Unilever offering business services, technology, and enterprise solutions. UniOps serves over 190 locations and through a network of specialized service lines and partners delivers insights and innovations, user experiences and end-to-end seamless delivery making Unilever Purpose Led and Future Fit.

Business Context and Main Purpose of the Role

Unilever is one of the world’s leading suppliers of Food, Home, and Personal Care products with sales in over 190 countries and reaching 3.4 billion consumers a day. Unilever has more than 400 brands found in homes around the world, including Persil, Dove, Knorr, Domestos, Hellmann’s, Wall’s, Ben & Jerry’s, Marmite, Magnum, and Lynx. Faced with the challenge of climate change and the need for human development, we want to move towards a world where everyone can live well and within the natural limits of the planet. That’s why our purpose as Unilever is ‘to make sustainable living commonplace’.

At Unilever, we’re determined to achieve a culture where everyone can thrive, a culture where all individuals are treated fairly and respectfully, and where their uniqueness is celebrated. We’re taking a holistic approach that focuses on how we can use the scale and reach of our business to have the greatest impact in our own workplace and beyond. We’ve set clear goals to eliminate any bias and discrimination in our policies and practices, accelerate diverse representation in our leadership, and remove barriers for people with disabilities. At the same time, we’re setting out to spend more with diverse businesses and increasing representation of diverse groups in our advertising. Find out more about our commitment to equity, diversity, and inclusion on our website.

Unilever’s Cyber Security organization is a multi-disciplinary team responsible for protecting the Confidentiality, Integrity and Availability of our Information and Operations. Our Cyber Security organization runs a 24x7 Security Operations Centre (SOC), oversees a robust Security Architecture and associated technology landscape, provides Cyber Security Solution Engineering and Risk Advisory to our business, and assesses the security of our vast technology estate, including factories, to name but a few areas. Cyber Security sits as part of the Business Operations organisations, as a peer to Unilever’s Technology and Data functions and the broad Supply Chain agenda. Cyber Security is tasked with elevating, reporting on and influencing enterprise cyber security risk mitigation across Unilever. The Cyber Security function is made up of the Governance, Risk, Assurance, and Compliance (GRAC) team, the Tech & Ops team, the BISO teams, and the Office of the CISO.

Role Purpose:

This Security Engineering Manager role is tasked with delivering world class security engineering services, advising our organisation, and ensuring that our network, infrastructure systems, applications, products, and information are securely protected and monitored. The aim will be frictionless security, enabling the business to achieve their output and uptime goals through cyber resilience services and a strong cyber security culture. These activities will be conducted with a ‘Risk Based’ approach to help individual businesses manage cyber risk in their area.

Role Summary:

The Security Engineering Manager is responsible for building out and managing the security technology stack and integrating it with the enterprise-wide technology estate, as well as advising and providing security engineering support. They will also ensure product enhancements are understood, communicated to the business and tested where appropriate for future deployment. This position will report to the Senior Security Engineering Manager.

Key areas under this role delivered by the Security Engineering Team include:

• Building out the security technology stack in line with the security architecture roadmap and integrating it with the enterprise-wide technology estate including IT, OT/IoT.
• Ongoing management and optimisation of the security technology stack within the Tech & Ops remit, e.g., driving continuous improvement of security tooling.
• Ensuring close integration and effectiveness of the security tools and associated processes in support of the SOC.
• Working closely with suppliers and Managed Security Service Providers to ensure best practice is adopted in our security tools and Tech & Ops processes.
• Proof-of-Concept (POC) Support: Provide expertise and guidance in supporting security proof-of-concepts, ensuring successful testing and implementation of potential security solutions.
• Support implementation of Security tools along with vendors/MSSP and project team.
• Oversee security tools management along with the team, including SIEM (Qradar & Sentinel), SOAR, CSPM, NDR, EDR, EPP, MS Defender M365, NAC, WAF, Vulnerability Management Tool, Email Security, Threat Intel Platform, IDP, DAM, Mandiant Validation Platform etc.
• Becoming a trusted advisor in Security Engineering, pro-actively providing security leadership and guidance to business divisions, projects, and third parties.
• Advising on the development and design of digital security solutions, which will be adopted for the protection of IT infrastructure, Hybrid Cloud, IT applications, OT, and IoT.
• Advising on security best practice on cyber elements of business initiatives.
• Playing an active role in the definition and iteration of the Unilever Cyber Security programme.
• Becoming a security champion in Security Engineering, pro-actively providing security insights and guidance to technical teams, projects, and third parties.
• Advising on the development and design of digital security solutions, which will be adopted for the protection of IT infrastructure, Hybrid Cloud, IT & Security applications, OT, and IoT, embedded technologies.

This role will work with wider areas of the business to achieve these objectives, including the Security, Tech & Ops team and the regional Business Information Security Officer (BISO) teams.

Main Accountabilities

• Responsible for becoming a trusted advisor in Security Engineering and pro-actively providing security leadership and guidance to business divisions, projects, and third parties.
• Responsible for playing an active role in the definition and iteration of the Unilever Cyber Security transformation.
• Undertake a senior SME mentoring role to junior members of the Security Engineering team.
• Vendor Management: Cultivate and maintain strong relationships with existing security vendors, keeping abreast of product updates and enhancements.
• Create and maintain comprehensive security documentation, including implementation and configuration guidance, and technical operational processes.
• Responsible for ensuring technical governance is based on sound architectural principles and correctly documented.
• Responsible for building out the security technology stack in line with the security architecture roadmap and integrating it with the enterprise-wide technology estate including IT, Operational Technology (OT) and Internet of Things (IoT).
• Responsible for ongoing management of the security technology stack within the Tech & Ops remit, e.g., IT service management activities and driving continuous improvement.
• Responsible for ensuring close integration and effectiveness of the security tools and associated processes in support of the SOC.
• Responsible for working closely with suppliers and Managed Security Service Providers to ensure best practice is adopted in our security tools and Tech & Ops processes.
• Responsible for participating in Proof-of-Concept implementation, testing, analysis, and reporting.
• Responsible for developing and designing digital security solutions, which will be adopted for the protection of IT infrastructure, Hybrid Cloud, Zero Trust, IT applications, OT, and IoT.
• Responsible for advising on security best practice on cyber elements of business initiatives.
• Responsible for advising on definition and iteration of the Unilever Cyber Security transformation.
• Configure, troubleshoot, and maintain security infrastructure software and hardware.
• Maintain up-to-date knowledge of security trends and developments.
• Provide technical guidance for security measures.

Qualifications, Skills, and Experience

Qualification and Skills:

• Excellent written and verbal communication skills and ability to be understood by both technical and non-technical personnel.
• The ability to lead through accountability with delegated responsibilities.
• Ability to manage conflicting priorities and multiple tasks.
• Stakeholder management and interpersonal skills at both a technical and non-technical level.
• Outstanding influencing ability.
• Ability to work both independently and in a collaborative environment with international team members.
• Outstanding analytical, critical thinking and problem-solving skills – sticking to the problem until it is resolved.
• Customer-orientated, whether responding to queries or delivering new services.
• Skills in Programme and Project Management.
• Strong understanding of security principles, frameworks, and technologies
• Strong knowledge and experience of working in public cloud environments (e.g., Azure, AWS, and GCP)
• Strong knowledge of network and system security concepts
• Basic experience with programming languages such as Python, Bash, PowerShell, etc is desirable.
• Relevant certifications such as CISSP, CISM, or SANS GIAC are highly desirable.
• Knowledge of current cybersecurity trends, threats, and best practices.
• Familiarity with various security frameworks and standards (e.g., ISO 27001, NIST, MITRE, CIS).

Experience:

• The role holder will have previously held a role in Security Operations, Security Engineering or Security Architecture.
• Experience with network security, authentication, and security protocols.
• Strong experience with Linux and/or Windows Server systems.
• Experience with web application security.
• Experience with threat and vulnerability management and standards (e.g., CVSS, EPSS)
• Experience with security governance, risk, and compliance standards and requirements.
• Strong experience in developing, deploying, and maintaining security solutions.
• Experience of leading major security implementation programs across a global organisation.
• Experience with deployment and system administration, such as provisioning and managing servers, deploying databases, security monitoring, system patching, and managing internal and external network connectivity.
• Experience and proven track record in Cyber Security Engineering with knowledge of IT Security Controls, Identity & Access Management, User Behaviour Analytics/Advanced Detection and Response, Data Security. Good implementation and in-depth experience in one or more following tools -

Qradar, Sentinel, IBM Resilient, ServiceNow SecOps, Chronicle, WiZ, Skyhigh, Vectra, MS Defender for Endpoints, Crowrdstrike Falcon & IDP, TrendMicro, MS Defender M365, Forescout, Akamai Kona, QualysGuard, Abnormal, Anomali, Cyjax, Cofense, Azure IDP, Guardium, Mandiant Validation Platform, Varonis etc.

• Experience with Threat modelling practices and the development lifecycle.
• Extensive experience in providing thought leadership, and driving a complex change agenda, and an ability to challenge the “status quo”.
• Excellent strategic and operational business awareness, with a deep understanding of the key drivers, levers, issues, and constraints of digital businesses.
• Experience within a customer focused environment.
• Knowledge of the applications or the technical landscape within the domain and experience of delivering Cyber Security projects to its demands.

Behaviours

Candidates would be required to demonstrate the Unilever Standards of Leadership & live the Values through showing the following behaviours:

• Agility – Flexes leadership style and plans to meet changing situations with urgency. Learns from the past, envisions the future, has a healthy dissatisfaction with the status quo.
• Personal Mastery – Actively builds wellbeing and resilience in themselves and their team. Has emotional intelligence to take feedback, manage mood and motivations, and build empathy for others. Sets high standards for themselves and always brings their best self.
• Passion for High Performance – Inspires the energy needed to win, generating intensity and focus to motivate people to deliver results at speed.
• Talent Catalyst – Develops and magnifies the power of people. Creates an inclusive climate, empowering everyone to be at their best. Investing in people, coaching individuals, and teams to realise their full potential. Continually inspires powerful collaboration.

At HUL, we believe that every individual irrespective of their race, colour, religion, gender, sexual orientation, gender identity or expression, age, nationality, caste, disability or marital status can bring their purpose to life. So apply to us, to unleash your curiosity, challenge ideas and disrupt processes; use your energy to make the world a better place. As you work to make a real impact on the business and the world, we’ll work to help you become a better you!