Security Risk Specialist providing oversight and technical expertise in information and cyber security. Supporting robust risk management aligned with the Group’s Enterprise Risk Management Framework (ERMF).
Responsibilities
Building relationships with risk and control owners acting as security risk specialist business partner to help deliver against customer, business and strategic outcomes.
Providing pragmatic advice to support informed key risk decisions and trade-offs (balancing commerciality and risk appetite), being bold to ‘call it’, and influence senior decision makers.
Proposing solutions to business problems, delivering oversight with insight and innovative thinking to address security risk challenges.
Providing input into the implementation of a risk and control oversight plan to assess compliance with relevant laws, regulations, industry standards and established controls.
Interpret new operational risk regulation and emerging security opportunities and threats accurately and adeptly.
Forethinking the direction of travel and anticipating the impact of the proposed changes on the Group.
Support control owners and specialists to implement control measures that are designed to achieve the control objectives.
Regularly monitoring and validating the effectiveness of the design of control measures to ensure they are achieving the control objectives.
Drive automation for risk and control measurement, monitoring, and reporting.
Collaborate with security, data, and analytics teams to call out issues and define action plans, all in pursuit of sustainable risk management.
Perform continuous monitoring and reporting of the Group’s exposure relative to risk appetite, highlighting any significant deviations.
Identify and develop key risk indicators and key performance indicators to enable appropriate monitoring.
Support Security Risk Specialist colleagues, contributing to the design, implementation and continuous review and enhancement of risk policies and appetite, as well as the ongoing data-led Operational Risk control objectives to meet the needs of risk and control owners, control specialist teams, Audit and external regulators.
Requirements
Deep operational expertise aligned to Information, Cyber, and Physical Security risk.
The ability to assess and manage Security risk, including identification, establishing risk appetite, developing policies, ensuring compliance, designing effective controls, providing assurance oversight, and offering advice that balances risk and reward.
Expertise in Information Security covering key areas such as asset security, security architecture and engineering, communication and network security, identity and access management, security assessment and testing, security operations and software development.
Demonstrable curiosity and understanding of the emerging technologies shaping the risk landscape (including AI, Digital Ledger Technology, Quantum).
Experience of data analysis and statistical methods to interpret and quantify risk (e.g. Cyber Risk Quantification).
Knowledge of relevant laws, regulation, industry standards and established practice in technical subject area.
Effective decision-making, skilfully balancing trade-offs while understanding business strategy and opportunity risks.
Experience of assimilating a range of data sources and complex information to effectively problem solve and make relevant conclusions and recommendations.
Effective communication skills to build partnerships and work collaboratively with others, including Risk Owner, Control Owner and Control Office to meet shared objectives.
The ability to work effectively with all other lines of defence and understand their different but complementary roles.
A future-focused mentality by being able to conceptualise and articulate a customer-centric desired end state that has a clear line of sight to our Group Strategy.
Benefits
A generous pension contribution of up to 15%
An annual performance-related bonus
Share schemes including free shares.
Benefits you can adapt to your lifestyle, such as discounted shopping.
30 days’ holiday, with bank holidays on top
A range of wellbeing initiatives and generous parental leave policies
Providing security incident management for industrial environments at Telefónica Tech. Utilizing various monitoring platforms to enhance security posture.
Information Security Manager responsible for steering InfoSec programs globally at ZEISS. Leading cross-functional initiatives and risk management strategies in a high-tech environment.
Senior Cybersecurity Incident Responder at ZEISS handling technical incident response activities. Collaborating with cyber defense teams to ensure effective incident management and resolution.
Endpoint Security Engineer at Booz Allen designing and operationalizing data protection controls. Safeguarding sensitive data across enterprise systems and leading technical operations.
Senior Security Adviser handling governance and US integration tasks at Boeing. Liaising with US-based partners and coordinating crisis management for international security operations.
Lead Industrial Security Specialist at Boeing assessing compliance with security programs and implementing corrective actions. Involves extensive travel and oversight of security protocols across multiple locations.
Senior Manager of IT overseeing operational security services for Xcel Energy. Leading teams to ensure compliance and effective risk management across enterprise security operations.
IT Security Administrator managing access control and audit evidence across systems at Xcel Energy. Involves training security staff and handling incident investigations.
Lead a multidisciplinary team at NXP focused on the proactive identification and analysis of security vulnerabilities in semiconductor products. Drive innovative approaches to security testing and team management.
Senior ML Security Engineer developing security tools and frameworks for ML workflows. Ensuring proactive vulnerability detection and compliance with ML security standards at NXP.