Director: Security Incident and Vulnerability Management

Sydney, Australia

NTT DATA

NTT DATA helps clients transform through consulting, industry solutions, business process services, IT modernization and managed services.


Want to be a part of our team?

The Director, Information Security is a senior management role responsible for overseeing and leading NTT's information security programme(s). The role is critical in contributing to the development, and driving the implementation, of NTT's security and governance strategy, frameworks, policies, and practices, enabling risk-free and scalable business operations. It collaborates with cross-functional teams, senior leadership, and other stakeholders to maintain a robust and proactive information security posture.

Working at NTT

Key Roles and Responsibilities:

  • Contributes towards the development and drives the implementation of an organisation-wide information security strategy aligned with NTT's business objectives.
  • Contributes towards establishing and maintaining information security policies, procedures, standards, and guidelines that comply with industry best practices and regulatory requirements.
  • Oversees the identification, assessment and management of information security risks across the organisation, including data, systems, networks, and third-party relationships.
  • Promotes a culture of security awareness among employees through training, education, and regular communication.
  • Oversees the development and execution of incident response plans to effectively address and mitigate security incidents.
  • Ensures NTT's compliance with relevant security regulations, laws, and industry standards.
  • Assesses and selects appropriate security technologies and solutions to protect NTT's digital assets.
  • Implements security monitoring tools and systems to detect and respond to security threats and provides regular reports to executive leadership and stakeholders.
  • Stays informed about emerging security threats and industry trends to continuously enhance the organisation's security posture.
  • Evaluates security risks associated with third-party vendors and service providers and implements risk mitigation strategies.
  • Effectively communicates security incidents, responses, and mitigation efforts to relevant stakeholders.
  • Coordinates and manages internal and external security audits and assessments.
  • Provides guidance and leadership to the information security team, ensuring adherence to security policies and procedures.


Knowledge, Skills and Attributes:

  • Strong knowledge of security frameworks and standards (e.g., ISO 27001, NIST, CIS, etc.)
  • Knowledge of PCI, HIPAA, NIST, GLBA and SOX compliance assessments
  • In-depth understanding of security technologies, tools, and best practices
  • Excellent communication and presentation skills with the ability to effectively convey complex security concepts to non-technical stakeholders
  • Strong leadership and team management skills to lead and motivate a diverse security team
  • Strategic thinking and problem-solving abilities with a focus on delivering results
  • Business acumen and the ability to align security objectives with overall business objectives


Academic Qualifications and Certifications:

  • Degree in business administration or a technology-related field required (e.g., computer science, information technology, etc.)
  • MBA or Master's in an IT-related field with a security focus preferred
  • Related cybersecurity, risk management and data privacy certifications preferred: CompTIA Security+, CISSP, CISM, CISA, and/or CEH


Required Experience:

  • Significant experience in a combination of risk management, information security and IT roles in a global organisation
  • Proven track record of successfully developing and implementing enterprise-wide information security strategies and initiatives
  • Significant experience with contract and vendor negotiations and management
  • Significant experience in Agile (scaled) software development or other best-in-class development practices
  • Significant experience with Cloud computing / Elastic computing across virtualised environments
  • Significant experience in risk management, compliance and regulatory requirements related to information security
  • Significant experience working with national and international regulatory compliance frameworks such as NIST, ISO, SOX, EU GDPR, CCPA and PCI DSS
  • Significant experience and working knowledge of the following areas of technical expertise: information policy formulation, information security management, business risk management, IT risk assessment and management, IT continuity management, IT governance formulation, organisational change management, IT financial management and IT audit

Skills Summary

What will make you a good fit for the role?

Workplace type:

Hybrid Working

Equal Opportunity Employer

NTT is proud to be an Equal Opportunity Employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment. We do not discriminate based on age, race, color, sex, religion, national origin, disability, pregnancy, marital status, sexual orientation, gender reassignment, veteran status, or other protected category.


Tags: Agile Audits CCPA CEH CISA CISM CISSP Cloud Compliance CompTIA Computer Science GDPR GLBA Governance HIPAA Incident response ISO 27001 Monitoring NIST PCI DSS Privacy Risk assessment Risk management Security strategy SOX Strategy Vulnerability management

Region: Asia/Pacific
Country: Australia