Global IT Security Officer

SUMMARY OF THE JOB

The Global IT Security Officer helps deliver on the vision of Global IT Security Management and is accountable for information security and compliance for IT systems and applications across Holcim. The role will improve the IT Security posture of LH and reduce identified IT/OT risks by working as part of a global team, and in close alignment with Regional Security Officers and regional security teams. The overall target for this position includes:

● Implementing, executing and maintaining an Information Security & Governance Strategy in line with the Group IT security standards, in order to manage risk and achieve compliance with directives, legislation, policies and standard.

● Implement and sustain the Group Standard Information Security Framework.

● Ensure tools and policies are in place to assess and manage IT Security risks, vulnerabilities, and threats.

● Coordinate and align IT security relevant priorities across multiple internal and external teams.

● Ensure activities are appropriately focussed on effective remediation of top IT/OT risks as identified in annual Group IT risk assessments.

● Foster a corporate culture of compliance and security awareness and reinforce cultural changes through employee engagement, training and motivation to underpin all business activities.

RESPONSIBILITIES

● Defining and implementing IT Security policies, frameworks, procedures, tooling etc. ensuring alignment with the Group IT Strategy.

● Delivering project and change management activities associated with roll out of new/updated policies, frameworks, tools, procedures etc. across business and IT functions and processes.

● Designing and implementing suitable KPIs and reporting/dashboarding to provide visibility on progress against key objectives outlined in the IT Security Strategy.

● Managing the information security for applications on group and global (corporate) level.

● Establishing constant vigilance over critical information assets together with the Infrastructure & Operations Security team.

● Providing risk management advice to executive and senior management.

● Collaborating with the leadership and other stakeholders across the business functions to raise awareness of security risks, influence behaviors and making security an inherent part of the corporate culture.

● Protect the company’s critical IT assets (IT systems, applications and data) by identifying security issues, evaluating security risks and recommending strong protection solutions.

● Preparing the basis for security relevant management decisions.

● Actively support Regional Security Officers, as well as the Global IT Security team, with the development of protection concepts for the business.

● Bridge between technical specialists and management level by clearly explaining technical risks to the relevant stakeholders and making business risks clear.

● Providing information security support for projects and enquiries from other functions/stakeholders.

● Responding to security incidents and reporting to appropriate parties.

● Ensuring third parties and contractor security risks are assessed, managed and monitored through regular audit in collaboration with the Vendor Management team.

● Maintaining and improving processes for effective and accurate security/user administration.

● Ensuring delivery of information security training, documentation and support for the secure daily operation of IT systems.

● Establishing a culture of information security awareness and risk prevention across regional digital centres.

● Collaborating with other key IT roles to ensure information security measures do not prevent the users executing their duties.

● Stay on top of the latest news and advances in the technology and cybersecurity space.

JOB DIMENSIONS

Key figures

Global reach across 90 countries and 70,000 employees

Key interfaces, stakeholder and relationships

Internal: Internal: Regional Digital Centres,Holcim Security Operations Center, Global Infrastructure and Operations teams, application support teams, Group Internal Control, Group Internal Audit, Project Managers and Steering
Committees.
External: Consulting Companies; Service Providers.

PROFILE REQUIRED

Level of education/qualifications normally required

● Graduate degree in Business or Management; Bachelor’s degree in Computer Science, Engineering, or related discipline with an IT focus.

● Certifications: CISSP, CISM, CISA, CRISC ITIL, CMMI, ISO 27001 Lead Auditor.

Specific work experience

● 8+ years of experience in IT Security.

● Broad technical security knowledge of IT services, technology and IT solutions.

● Specific expertise in one or more of the following would be a plus:

o Cloud Security

o Network Security

o System/Infrastructure Security

o Industrial Control Technology (ICT/OT) Security

● Extensive experience in delivering IT security projects, assessments and audits.

● Experience in implementing Policies and Procedures in compliance with Information Security Management System Standards (ISO 27000 series).

● Strong knowledge of regulatory requirements, data privacy and security policies and standards.

● Broad knowledge of IT services, Technologies and IT solutions.

● Work experience in a related industry setting (cement, aggregate, ready-mix).

● Strong decision making skills and ability to challenge decisions of others.

● Practical experience of risk assessments & risk management.

● Practical experience of incident handling & response.

● Experience in implementing Policies and Procedures in compliance with Information Security Management System Standards (ISO 27000 series).

● Good negotiation skills with vendors, contractors and other suppliers.

Technical / functional skills

● Ability to develop and implement IT policies and governance.

● Ability to run information security audits and test cyber resilience.

● Deep knowledge of Information Security and Compliance standards (e.g. ISO 27001/2, GDPR, NIST, HIPAA, etc.).

● Strong knowledge and understanding of networking & infrastructure security, both on premise and in cloud (IaaS).

● Experience with setting up or working with a Security Operations Centre (SOC) and managing Cyber Security incidents and response.

● Experience with report and dashboard generation for IT and Non-IT stakeholders.

● Ability to review technical architecture documentation for demand/ project/ change proposals to identify security related risks or compliance concerns.

● Ability to conduct deep technical research into issues and products.

● Strong project management skills.

● Strong risk management skills.

● Ability to conduct research into application development issues and products.

Behavioral competencies

● Ability to deal with difficult situations, unclear priorities and blocking stakeholders.

● Ability to communicate openly and effectively with many diverse constituencies and stakeholders.

● Ability to work decisively under heavy workload.

● Ability to manage multi-cultural and geographically diverse teams.

● High willingness to drive transformation and service improvement.

● Strong customer / end-user / client service orientation.

● Highly self-motivated and directed.

● Keen attention to detail.

● Capability for problem solving, decision making, sound judgment, assertiveness.

Leadership and managerial abilities

● Strong relationship building and interpersonal skills.

● Ability to champion new initiatives and technologies – “Change Leader”.

● Ability to lead and inspire teams across companies and cultural barriers.

Linguistic skills

● Excellent English (written & spoken) - other languages are a plus.

Mobility requirements

Travels ~10% (estimate).

Apply for this job

*By applying to this job you expressly agree to the processing of all the above (personal) data, including any special categories of (personal) data entered by you or attached as a document, in accordance with the privacy policy of Holcim EMEA Digital Center. You have the right to request from us access to and rectification or erasure of your personal data or restriction of processing concerning you and to object to processing as well as the right to data portability in accordance with the EU General Data Protection Regulation. Click the Privacy policy to see the details.*