SN Mgr Business Protection & Cloud Compliance
Milano, IT
Vodafone
Vodafone is a leading technology communications company in Europe and Africa, keeping society connected and building a digital future.
Role purpose:
The SN Manager Business Protection & Cloud Compliance provides leadership and direction through senior onshore, offshore and external professionals to reduce and avoid the risk of internal/external cyber-attacks by keeping VF infrastructure and services compliant with security requirements. This role is fully accountable from a security and compliance point of view for all private and public cloud related activities, such as the VCI managed cloud assets (OCI and DRCC) and the XaaS service environments (AWS, Azure and GCP), incl. the compliance and regulatory related work for CSB and SOX, such as UAM features on cloud. Furthermore, this role is accountable for the Group central vulnerability management, incl. scanning, detecting, and triggering remediation of vulnerabilities inside Group DC locations and Cloud.
The role is accountable for supporting and coordinating any actions related to S0/S1 security incidents inside Group Datacenters and Public Cloud Service, as well as managing and coordinating Cyber Security Action Notifications (CSAN) in scope of Group DC locations and private and public cloud.
Frequent interaction with Group Cyber Security (CSOC/CDIM) and VCI technology and E2E teams is required. The overall goal is to reduce and avoid the impact of internal / external cyber-attacks by keeping Vodafone cloud infrastructure and services compliant to security requirements to protect Vodafone customers, data, services, and brand.
The accountability of this role includes and fully covers:
• Management, tracking and coordination for all critical security incidents with impact on the cloud environment and on-premise DC locations (S0, S1)
• Accountability for the security activities assigned to VCI in the Crisis & Emergency procedure with particular focus on ransomware attacks for cloud assets
• Develops, adapts and executes strategies on the technology and business needs with specific focus on security and risk reduction in order to protect VF infrastructure, products and services from internal/external cyber-attacks
• Security prevention: manage Cyber Security Action Notice (CSAN) and announcements inside the cloud perimeter and on-premise DC locations
• Ensure, through management and coordination, full cloud compliance with regard to Patching, VN Management, Hardening and endpoint protection
• Collaboration with VCI Public Cloud Services, technical / End-to-End teams, and Local Markets / Group Entities to implement security incident related actions
• Supervisor of UAM best practices in cloud environments and related compliance
• Definition, implementation, enhancement, and maintenance of a VCI “private & public cloud security governance framework” which fulfils the requirement of the applicable Cyber Security baseline controls for patching, hardening, vulnerability mgmt., UAM
• Management of private and public cloud security related improvements to close any compliance gaps affecting VCI
• Roll out to 100% coverage, maintain and manage the central Vulnerability Management function (on-premises and Cloud perimeter).
• Decisions are guided by major operational segment strategies and priorities (e.g. P0 items of the Tech2025 strategy, Group Cyber goal framework)
Close interaction with supporting Group functions and alignment with key stakeholders inside Local Market / Group Functions is mandatory to successfully deliver on the role.
This includes:
• Functional management of and collaboration with the international VCI teams that carry out tasks related to security incidents on cloud infrastructure (overall governance).
• Acting as coordinator and/or focal point / single point of contact for “Security Incident Response” within the VCI organisation (S0/S1)
Key accountabilities and decision ownership:
• Manage S0, S1 security incidents with impact on VCI cloud perimeter
• Private & Public Cloud Security Compliance
• Response to security incidents and security notifications
• Accountable for SOX & CSB compliance inside Cloud
• Accountable for the central Vulnerability Management function
Key performance indicators:
• 98+% S0 / S1 incident support & CSANs managed within the timeline defined in the Group Cyber Security policies
• 95+% compliance of VCI private and public cloud services with the Cyber Security Baseline controls.
• 98% coverage and fulfilment of SLAs for central Vulnerability Management
Core competencies, knowledge, and experience:
• 10-12 years proven IT Service experience with knowledge of IT platforms, operating system, or application services
• Working experience in IT security, with a strong focus on incidents management and cloud security
• Strong read/write capabilities in English
• Structured, organized, and conscientious
• Very good coordination and communication abilities in complex and scaled contexts
Must have technical / professional qualifications:
• Bachelor’s / Master’s degree in IT engineering, business management or proof of comparable working experience
• Strong understanding of IT security
• Solid understanding of private & public cloud architecture
• General background of IT service management
• Experience with the ISO 27000 norms family; general understanding of risk management concepts, SOX, PCI-DSS, GDPR, ITIL and agile/SAFe methodologies
• Experience in coordination and management of functional work within international teams.
Reports:
Direct reports: 5
Dotted reports: > 30 (VOIS TSSI, TSSR)
Location: Italy - Milan
Who we are
You may have already heard of Vodafone - We're a leading Telecommunications company in Europe and Africa. But what you might not know is that we are continuously investing in new technologies to improve the lives of millions of customers, businesses and people around the world, creating a better future for everyone.
As part of our global family, whether that's Vodafone, Vodacom or _VOIS, you'll feel a sense of pride and purpose as you contribute to our culture of innovation. We pursue equality of opportunity and inclusion for all candidates through our employment policies and practices. We recognise and celebrate the importance of diversity and inclusivity in our workspace and we do not tolerate any form of discrimination especially related to but not limited to race, colour, age, veteran status, gender identification, sexual orientation, pregnancy, ethnicity, disability, religion, political affiliation, trade union membership, nationality, indigenous status, medical condition, HIV status, social origin, cultural background, social, or marital status.
Together we can.
Tags: Agile AWS Azure Cloud Compliance CSOC GCP GDPR Governance Incident response ISO 27000 ITIL Risk management SLAs SOX Strategy Vulnerabilities Vulnerability management
Perks/benefits: Health care