Information Security Officer

Regional Information Security Officer

In a constantly changing world, we work together with our people, clients and communities to enable them to fulfill their potential to do great things. We believe that by bringing everyone together, we can solve problems using innovative technology that can create a world that is sustainable and secure. At NTT, we encourage you to remain continuously curious, as that is what keeps you fast, flexible and relevant. No two days will be the same but that is what will help you grow and realize your full potential.



The power is in your hands to do great things. It’s time to lead the change, be the authentic you, to solve difficult challenges, to set the pace of change and to unleash your potential.



Want to be a part of our team?

The ISM supports the business, protects NTT’s brand and warrants compliance to our regulatory and contractual obligations. They will ensure strategic and operational alignment with the global objectives of Group Information Security Services and NTT Holdings.


They are accountable for the groups Information Security Management System (ISMS) regional alignment and implementation; ensuring that information security is effectively managed in all services and business functions within region. In addition to regional governance and oversight, the ISM will contribute to the groups global ISMS content development, maintenance and maturity.


They will lead (directly or indirectly) and coordinate technical staff so that the Group defined security strategy is implemented to achieve the certifications and compliance obligations of the group


Advises and reports to the Head of Security, I&T on all ISMS processes and compliance status.

Working at NTT



Security Program Management – Oversees and acts as a key stakeholder in managing the group’s information security program implementation within region or area of responsibility. Deliver a “Center of Excellence” for Information Security, offering internal consultancy, advice and pragmatic assistance on Information Security risk and control matters throughout the organisation and promoting the advantages of managing Information Security risks more efficiently and effectively. Manages personnel (direct & indirect), infrastructure, policy enforcement, emergency planning, security awareness, and/or other resources.



Risk Management - Oversees, evaluates, and supports the documentation, validation, and accreditation processes necessary to ensure new and existing information technology (IT) systems meet the organisation’s information assurance and security requirements. Ensures appropriate treatment of risk, compliance, and monitoring assurance from internal and external perspectives. The ISM is accountable for maintaining a regional risk register (as per group template).



Information Systems Security Operations - Oversees and ensures that the appropriate operational security posture (e.g., network and system security, physical and environmental protection, personnel security, incident handling, security training and awareness) is implemented and maintained.



Vulnerability Assessment and Management - Conducts threat and vulnerability assessments and determines deviations from acceptable configurations or policies. Assesses the level of risk and develops and/or recommends appropriate mitigation countermeasures in operational and non-operational situations.



Enterprise Network Defence Analysis – Uses defensive measures and information collected from a variety of sources to identify, analyse, and report events that occur or might occur within the enterprise network in order to protect information, information systems, and networks from threats.



Systems Security Analysis - Conducts and documents the systems integration, testing, operations, maintenance, and security of an information environment. Coordinates risk, threat and mitigation strategies across the enterprise.



Systems Requirements Planning – Consults with stakeholders to guide, gather, and evaluate functional and security requirements. Translates these requirements into guidance to stakeholders about the applicability of information systems to meet business objectives.



Regional Information Security Advocacy – Communicates NTT & Groups Information Security strategy and viewed as a trusted advisor for Information security. Leadership and strategic direction for the function, ranging from planning and budgeting to the value of Information Security & Certification. Provide SME advice on Information Security matters such as emerging security risks and relevant security controls. Consults with stakeholders (Group/regional Legal, Compliance & Privacy Officers, Sales & Product Management) to guide, gather and support business requirements pertaining to Information Security.



Incident Response – Responds to security breaches to mitigate immediate and potential threats. Uses mitigation, preparedness, response and recovery approaches to minimise business disruptions & commercial consequences. Initiates problem management processes to ensure compliance to policy and ITSM processes. Investigates and analyses relevant response activities and evaluates the effectiveness of and improvements to existing practices.



Digital Forensics – Collects, processes, preserves, analyses, and presents digital-related evidence to support network vulnerability mitigation and/or civil, workplace, counterintelligence, or law enforcement (e.g., criminal, fraud) investigations.



Cyber Security Investigations – Applies tactics, techniques, and procedures to a full range of tools and processes related to administrative, criminal, and counter intelligence gathering (e.g., in-depth case analyses, continuous monitoring, malware analysis, clear documentation).



What will make you a good fit for the role?



Degree / Certifications – Information Technology



Security Certifications – CISSP or equivalent (Highly Desirable)



Experience

• At least 5 years’ experience with security consulting, gap analysis and risk assessments


• Experience with industry compliance and standards such as ISO 27000, PCI:DSS, NIST, HIPAA or others


• Security tools, techniques to cover SANS Top 25, OWASP or others


• Good working knowledge of infrastructure design, including network, storage and compute layers


• Experience working in a multi-team environment across multiple geographies

• Excellent understanding of security operational processes and controls


• Excellent project, analysis, problem solving, and business relationship skills


• Computer Science Degree or equivalent together with specialised training in new technologies and legacy systems

• Good interpersonal and consultative skills.


• Ability to map business needs to technology solutions


• Ability to discuss and report technology and information security risk with non-technology and executive business stakeholders


• Interpersonal skills with the ability to develop strong relationships


• Ability to engage and guide a team of engineers

• A team player willing to develop and share IP


• This position must be ardently attuned to security news, trends, risks, and events and be able to understand vulnerabilities and exploit code sufficiently to understand security implications and assess their impacts.


• Maintain up-to-date knowledge of security threats, countermeasures, security tools, and network technologies


• Conduct security assessments, Document findings, create reports and communicate recommendations to executive management in verbal and written format
• Experienced with tools such as IDS/IPS, Hacking (Penetration testing) tools, Vulnerability Management tools, Firewalls, VPNs, VMware, Honeynets, etc.
• Thorough understanding of Windows and Unix-based vulnerabilities and exploitation techniques
• Comprehensive understanding of operating systems, network architectures, and system administration


• Familiarity with network protocols

.