Cyber Security Officer

Global Digital & Technology (D&T) has a worldwide responsibility for all

IT processes, solutions and services. The aim is to further enhance

HEINEKEN Global Functions by delivering common business driven

solutions and services.

The Global Information Security department is part of Global D&T and

has the overall responsibility of assuring that HEINEKEN's IT Risks are

properly managed, and information assets & technology is properly

secured.

Job purpose:

The Global Information Security teams include Cyber Defense

Operations (CDO), Security Competence Centre (SCC) and Security

Chapters (ERP, Enterprise Architecture, Data Privacy, etc.) to design,

implement, monitor, respond and assist with recovery activities against

cyberattacks. They deliver deep security and risk management

expertise to enable Product Teams and Global Functions to form a

proper 1st Line of Defense (Lod) by building the right capabilities into

their products (security by design) and support them.

The Global Information Security Director is heading the department and

responsible for the Global Information Security Strategy and

orchestrating all security activities within this department and relevant

stakeholders. He is part of the Global D&T Executive Leadership Team.

The Cyber Security Officer (CSO) is responsible for the management

and implementation of the global Cyber Security Strategy based on the

NIST Cyber Security Framework, to reduce the risk of a Cybersecurity

incident according to the risk appetite of HEINEKEN and the Global

Function, as well as to raise wider Global Function Cybersecurity

awareness.

Key responsibilities:

• Security Operations

• Implement global security strategies to maintain the continuity of systems and

update these based on local threats.

• Responsible for managing updates related to Global Function Security Standards

that are required due to local legislative requirements, in consultation with the

Global Information Security Specialist in line with HEINEKEN Security Strategy and

supporting the HEINEKEN Business Strategy.

• Responsible for Global Function security approvals regarding global services (e.g.

HeiNet), to maintain the highest level of security for the information and IT assets of

the company.

• Assist the Global Information Security department in the design of controls/

standards and procedures that have broad implications, requiring systems

integration of one or more technical platforms.

• Perform Risk reviews using the risk management procedure for all new Global

Function programs/services to be deployed in the Global Function operational

environment and veto programs which do not comply with HEINEKEN's security

standards.

• Monitor internal and external information security and cyber security policy

compliance, review and assess information security audits.

• Performs as per the prescribed frequency of the Information Security Maturity

Assessment (ISMA) and ensures that all related evidence is available in support of

the assessment.

• Monitor and ensure the timely closure of tasks related to audit and internal control

issues raised by e.g. Global Audit, External Audit, etc.

• Develops and manages the Information Security action plan to address identified

risks and non-compliances.

• Gains approval from the relevant management team on that action plan and its

related budget.

• Monitors and reports on the execution of that actions plan, reporting to the Global

D&T Function management team and centrally to the Global Information Security

Team.

• Analyse and challenge derogation requests regarding the ISP/TSP that Global

Functions could have with a new solution or program and communicate to the

Global Information Security Team and Design Authority for approval to protect the

HEINEKEN security environment.

• Drive resolution of cyber security incident responses and address security

vulnerabilities.

• Perform/guide/drive digital investigations upon the request of Global Function/HR or

Legal teams in case of breaches of HEINEKEN's Code of Business Conduct.

• If Global Function faces any critical IT security incidents or breakout, he/she is

responsible for the Global Function security incident which led to resolve in

consultation with the Cyber Defense Operations Team (CDO), Global Function D&T

Directors and Global Function Line Managers.

• Identify and perform independent analysis to resolve complex first-time issues

including the analysis of technical and economic feasibility of proposed security

systems/ solutions. He/she is also responsible for assisting the Global Information

Security department with any IT technical audit (e.g. Ethical Hack) to any Global

Function IT infrastructure or service that a 3rd Party offers to HEINEKEN with a valid

and open contract to ensure that security policies are in place.

• Advises Global Function teams for security requirements (e.g. Patching, Anti-Virus,

Vulnerability Management, etc).

• Security Awareness

• Drive training campaigns on cyber security awareness according to the global

security awareness program and based on the reality of Global Function.

• Security Strategy

• Responsible for identifying potential risks and recommendations on how to prevent

and/or avoid that risk within the Global Function.

• Collaborate with the Global Information Security Specialist to understand and

develop further the controls and processes required to improve information

security.

• Innovation

• Accelerates and Drives implementation of new Security strategies and standards

from global D&T towards the HEINEKEN Global Functions

• Provide security expertise across multiple technical platforms to various Global

Function stakeholders in all phases of solutions development (Ideation, Design,

build, test and deploy) and Operations.

Budget responsibilities:

Assigned to Global Function D&T Manager

Qualifications: Bachelor's or master's degree in business information technology or a related field Possesses relevant certifications, e.g. CISSP / CCSP / CISM / CISA / CRISC Experience /

skills required:

• 5+ years of working in the cyber security field and previous experience working as a cyber-security officer or manager.

• Has worked with relevant market standards such as NIST, ISO 27001, COBIT and relevant laws and regulations such as privacy laws.

• Experience in handling security incidents.

• Proven ability to dynamically assess risks, threats & threat actors.

• Able to work in a cross-functional environment; preferably a background in the FMCG industry

Requirements

skills required:

• 5+ years of working in the cyber security field and previous experience working as a cyber-security officer or manager.

• Has worked with relevant market standards such as NIST, ISO 27001, COBIT and relevant laws and regulations such as privacy laws.

• Experience in handling security incidents.

• Proven ability to dynamically assess risks, threats & threat actors.

• Able to work in a cross-functional environment; preferably a background in the FMCG industry

Sense of Business Urgency and safe-cautious mind to close critical gaps and reduce any security breach.

• Ability to explain complex technical processes to business stakeholders

• Flexibility to adjust to multiple demands, shifting priorities, ambiguity, and rapid change.

• Ability to work and team with a multitude of different people and different cultures (as appropriate).

• Display professionalism, customer service attitude, attention to detail and quality.

• Possess strong interpersonal skills, relationship management and negotiation skills, strong verbal, and written communication skills.

• Develop self and others through continuous learning, sharing best practices, knowledge, and expertise.

• Excellent management and leadership skills