Senior Manager, Cyber Defence Centre

Hydro Global Business Services (GBS) is an organizational area that operates as an internal service provider for the Hydro group. Its ultimate purpose is to deliver relevant IT, financial and HR business services to all business areas within the company.
 

Role Purpose

The Senior Manager of Cyber Defence Center is the strategic leader of the SOC services both for Enterprise IT and for ICS, as well as the Security Engineering function within GBS. He/She is the direct manager of the SOC Manager, and the Security Engineering Manager.

Responsibilities

• Strategic leadership of the SOC and Security Engineering functions within GBS IT
  • Develop, set and maintain strategy for the Cyber Defence Center (SOC and Security Engineering) organization, services and technology
  • Work closely, own continuous improvement strategic activities in Cyber Security Services related to the Cyber Defence Center, including automation (SOAR), vulnerability management improvement, threat management improvement, log managemen improvement, etc.
  • Continuously optimize the platform, tool portfolio for security operations management, lead the program on centralizing processes to Splunk, and other strategic tools
  • Lead program on optimizing team setup, oncall coverage, internal-external resource balance in CDC
  • Relationship management with all stakeholders of the CDC services (e.g. GRIT management, other cyber security team management, GBS IT management)
• Operation, reporting
  • Overall responsibility of the operation of EIT and ICS SOC, Security Engineering teams, and their KPI-s
  • Responsible for the senior management reporting on the relevant cyber security area (in collaboration with the reporting team)

• Vendor management
  • Manages relationship with the vendors serving CDC in GBS
  • Sets KPI, SLA, requirements towards vendors and continuously optimizes the setup for his/her functions
• Escalation point
  • Higher level escalation point on all EIT and ICS SOC and Security Engineering related processes, performance, operation

• Project Management
  • Overall ownership responsibility on all CDC related projects
• Business Relationship Management
  • Continuous business relationship management with BA and GRIT owners, customers of CDC services
  • Commercial, marketing mindset driven communication to the customers and/or potential customers of the CSC services

• Organization, Team, People
  • Overall ownership responsibility on the right staffing of the EIT and ICS SOC and Security Engineerting teams in capacity and skillset
  • Direct manager of the SOC Manager and Security Engineering Manager

Qualifications

In depth knowledge on:

• Methods and motivations adopted by hackers to attack IT platforms and automated information systems
• IT security incident management processes and tools
• IT operations and support organizations
• IT security risk assessment
• IT security forensic techniques, tools and procedures
• Vulerability management end-to-end
• Threat management end-to-end
• Log management end-to-end
• Mitre killchain for EIT and ICS
• ICS-OT Security Management
• Cloud and application security

The following experience is considered essential experience:

• In-depth experience in security management processes and tools
• 10+ years of technology experience, including troubleshooting and performing root cause analysis of complex IT solutions
• 5+ years of demonstrated leadership experience building consensus across IT domains
• 5+ years of demonstrated experience managing a high-performing, cohesive security teams
• Significant experience in working in the manufacturing industry
• Experience in working with the Forum of Incident Response and Security Teams (FIRST) or an equivalent organization
• Experience in working with law enforcement or other relevant government agencies
• 5+ years of hands-on IT or information security assessment in a commercial environment subject to the caveat below
• 5+ years of demonstrated experience in liaising with middle and senior management of a large commercial enterprise

• Bachelor's or master's degree in IT, engineering, business, management or a related field, or equivalent work experience
• Tertiary qualifications in information or IT security, or industry qualifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) or the equivalent

• Strong communication skills with a proven ability to understand key concepts and communicate with technical staff, lines of business and senior management
• Proven ability to build relationships and influence individuals at all levels in a matrixed environment to ensure that segregation and overlapping roles are identified and coordinated
• Strong organizational skills and the ability to perform in a command-and-control role under pressure, and the ability to manage multiple priorities with competing demands for resources
• Ability to consume and synthesize intelligence about actors, techniques or situations to identify emerging risk scenarios
• Strong analytical and problem-solving skills
• Proficiency in process formulation and improvement
• Proficient in working in a fast-paced, complex, dynamic, multicultural business environment
• Knowledge of legal requirements for privacy of personal information from employees and customers

Hydro offers

• Working at the world’s only fully integrated aluminum and leading renewable energy company
• Diverse, global teams
• Flexible work environment/home office
• We provide you the freedom to be creative and to learn from experts
• Possibility to grow with the company, gain new certificates
• Attractive benefit package

Applications from severely disabled and equally disabled people will be considered with equal suitability.
Please apply online in ONE with your CV and optionally a cover letter until: 04/26/2024 
If you have any questions, please contact:

Petra Rumpler
Petra.Rumpler@hydro.com