Role Purpose
Role Purpose:
1. A Secure by Design Manager in the Global Cyber Strategy & Secure by Design team acts as the interface between the technical disciplines and the business to carry out technically orientated security assessments, setting security requirements for new products and services, and also assessing compliance and risk.
2. The Secure by Design Manager also has an important advisory role across the business and is required to provide security design and architecture guidance as well as general security consultancy, acts as cyber coach to agile projects and programme teams to ensure that future infrastructures or products for Vodafone globally are secure.
What you’ll do
Main Job Responsibilities:
3. Impact on the business – This role will provide that all global products, services, and infrastructure for Enterprise customers, consumers, or being used internally by Vodafone are secure by design and will meet an appropriate technology security level, and demonstrate that all potential risks are being mitigated to an acceptable level to in order to assure the confidentiality, integrity and availability of systems and data.
4. Customers, supplier and third parties – provide advice and guidance to internal and external customers on security related matters. Define, communicate and ensure that suppliers and third parties understand and comply with Vodafone’s security standards.
5. Leadership and teamwork – Leadership and teamwork are essential this role, the Secure by Design manager needs to work closely with the business and technology architecture teams, design and operations teams, and with the other security teams Risk & Compliance, Ethical Hacking, Security Operations, and Corporate Security. The role holder will also be required to manage external resource and coach Security Champions in the agile teams
6. Innovation and change – This person will help change the perception that security is an inhibiter, and work to demonstrate that security can be a business differentiator by enabling the business with secure by design for its products and services.
7. Communication –Must have ability to communicate security requirements and risks to all levels of the business. The experience to explain complex technical matters to non-technical business executives is crucial. The role, is expected to give clear guidance for implementing security controls in complex environments.
Who you are
Core Competencies, Knowledge and Experience:
8. The individual should have profound professional senior experience in information technology, Cyber security as well as experience with security in agile ways of working, good knowledge/experience with securing of complex cloud environments (Azure required, preferably also one or more in the area of AWS, GCP, OCI)
9. Profound knowledge and experience in tenant security, secure transformation and migration of data center environments (on-prem/Cloud/Hybrid), network infrastructure, Cloud service models (like IaaS / SaaS / PaaS,..), Critical Infrastructure and business requirements.
10. Preferably knowledge on Azure Defender solutions, MS security portals and Zero Trust model frameworks
11. Engineering / operational experience on secure cloud migration
Must have technical / professional qualifications:
12. University degree in Information Security or equivalent
13. One or more of the following: CISSP, CCSP, CISM, CISA, CRISC, ISO 27001 Lead Auditor, GIAC, TOGAF, SABSA or equivalent
14. One or more of: MS Azure certifications
15. Optional preference: Cloud Security certifications
16. 5+ years work experience in the field of cyber security
17. 5+ years experience Azure Cloud Service Security