Chief Information Security Officer - Group Services
Southfield, MI, USA | NTT
Industry: Telecommunications & Wireless
Functions: IT / Information Technology
Job Description:
At NTT we believe that by using innovative technology we can solve global challenges and create a world that is sustainable and secure. We are looking for curious people, from diverse backgrounds, that are keen to work in a fast-paced and agile environment.
At NTT we trust our employees to do the right thing, even when no one is watching, which is why we offer flexibility in the workplace. The majority of our roles are hybrid, meaning we encourage a balance of working from home and our local office. Ask our recruitment team if this is a hybrid role.
Want to be a part of our team?
The Chief Information Security Officer – Group Services supports the business and protects NTT Ltd and its brand, ensuring compliance with our policies and with regulatory and contractual obligations. They will ensure strategic and operational alignment with the global objectives of the Office of the Information Security Services (ISS) and NTT Holdings.
In alignment with the Group Chief Information Security Officer within NTT Ltd, the Chief Information Security Officer – Group Services, will support the orchestration of all security activities within the NTT Ltd Services divisions; in particular, NTT Security; Managed Network and Collaboration Services (MNCS); Managed Cloud and Infrastructure Services (MCIS), as well as Information Security Operations. The Chief Information Security Officer – Group Services will also interact with outside organisations such as clients, business partners, standards-setting bodies, and industry associations for security-related matters.
They are accountable for the group's Information Security Management System (ISMS) Services alignment and implementation, ensuring that information security is effectively managed in all services and business functions. In addition to Services governance and oversight, the Chief Information Security Officer – Group Services will contribute to the group's global ISMS content development, maintenance and maturity.
The Chief Information Security Officer – Group Services is charged with setting a cooperative tone for, establishing a proactive and responsive organisational culture for, and defining the strategic direction of security-related units throughout the Services divisions.
Key Roles and Responsibilities:
- Primary role is to understand the Group's services technology and service delivery model in line with its business requirements and go-to-market strategy. In conjunction with Services business stakeholders, they are responsible for development and execution of the strategic business plan for the secure delivery of products and services.
- Deliver an integrated security strategy, manifested in periodically updated one-year and five-year security plans.
- Support and guide the Services divisions on appropriate security Certifications for sales enablement and achieve certifications as directed by the business through an approved & budgeted work plan.
- Appropriately maintain compliance and audit obligations to existing standards and certification obligations (e.g., contractual, regulatory and/or legal).
- Orchestrates and harmonises security-related business process standardisation, normalisation, documentation, and continuous improvement across all services divisions.
- Uses an integrated risk management approach to create executive-level perspectives on, and status reports about, all the security risks that Services manages.
- Collaborates with other members of the Services management team to establish appropriate priorities for security-related objectives such as resiliency, continuity, recoverability, and defensibility against risks.
- Is a technology specialist and will provide senior mentorship, thought leadership and technical guidance to Services stakeholders.
- Communicate technical problems, and solutions, to a diverse audience composed of highly skilled technical and non-technical persons including clients, internal and third-party auditors, employees, and company executives.
- Responsible for safeguarding against current and future security risks within NTT Ltd Services Units. This global leader will collaborate with the organisation’s key stakeholders and the broader NTT Ltd Information Security community to establish the vision, tenets, and comprehensive security strategy to mitigate risks and ensure the protection of business units that comprise Services.
- Leverage their technical expertise and strong business acumen to define objectives and priorities, and establish appropriate milestones and actions, to ensure that the reduction of risk through the implementation of security controls and recommended mitigation strategies is delivered on, as committed to key senior management.
- Routine line management and leadership of staff within the Information Security Service function and dotted line management of Security Engineers.
- Define our overall strategic security vision through a five-year plan.
- Provide leadership and direction on security initiatives across the company.
- Recruit, lead, train, and mentor.
- Recruitment, leadership and direction of a loose network of Information Security staff embedded and distributed throughout the organisation.
- Lead cross-functional teams in implementing Information Security solutions throughout Services.
- Liaise with Governance, Risk & Compliance Management to ensure Internal Audit, Compliance and Certification requirements are met.
- Work with department heads and other managers to champion the priority of security initiatives.
- Deliver a “Center of Excellence” for Information Security within Services, offering internal consultancy, advice and pragmatic assistance on Information Security risk and control matters throughout the organisation and promoting the advantages of managing Information Security risks more efficiently and effectively.
- Leadership and strategic direction for the function, ranging from planning and budgeting to the value of Information Security & Certifications.
- Build a culture of security and create a compelling security vision and strategy for Services.
- Develop a layered defence strategy to protect Services assets.
- Designing and building an advanced Security Operations function.
- Function as an internal consulting resource on Information Security issues and incidents.
- Mitigate Services vulnerabilities and reduce attack surface vectors identified through Security compliance reviews and controls implementation.
- Commission risk assessments, Security Architecture design reviews, and project security reviews ensuring key applications and products are assessed for risk.
- Help ensure compliance with applicable data security laws, regulations, and customer requirements.
- Commissions Information Security risk assessments and controls selection activities.
- Commissions ongoing review and analysis of internal and external security risks/vulnerabilities, and develop/implement cost-effective, proactive risk mitigation programs.
- Commissions Information Security controls build processes for Security controls, client build and new Services build activities.
- Shared Services Security Operations function, including but not limited to:
  - Operate and maintain security baseline specifications.
  - Protect and Detect risks against services assets.
  - Enable audit and compliance requirements through security operational functions.
  - Reduce duplicate certification/operational costs across different environments through centralising and streamlining operational efficiency across security platforms.
  - Enable and embed Security orchestration and automation software to lower headcount and skillset requirements for managing and maintaining security operational functions to support both internal and client consumed services globally.
  - Collaborate, facilitate roadmaps and maintenance feedback to Director Information Security for inclusion in Dev Sec Ops programs of work.
  - Establish global standards on security operational processes and management to streamline yearly compliance of Security Certifications across all platforms.
- Champions Application Security best practices within Group Services.
- Commissions Security Testing for new projects, for example PCI compliance and annual BAU testing.
- Commissions Vulnerability Management for new projects, compliance and ongoing BAU activities.
- Commissions Information Security controls to ensure certification and policy compliance.
Knowledge, Skills and Attributes:
- Must be an intelligent, articulate and persuasive leader who can serve as an effective member of the senior management team and who is able to communicate security-related concepts to a broad range of technical and non-technical staff.
- Should have experience with business continuity planning, auditing, and risk management, as well as contract and vendor negotiation.
- Highly developed technical capability across a broad range of Security products/solutions.
- Ability to map business needs to technology solutions.
- Must have a solid understanding of information technology and Information Security.
- Good knowledge of security risks and preventative controls.
- Good understanding of security operational processes and controls.
- Interpersonal skills with the ability to develop strong relationships.
- This position must be ardently attuned to security news, trends, risks, and events and be able to understand vulnerabilities and exploit code sufficiently to understand security implications and assess their impacts.
- Maintain up-to-date knowledge of security threats, countermeasures, security tools, and network technologies.
- Motivation and drive to succeed.
- Strong industry and market awareness.
- A strong client service orientation.
- Ability to negotiate / influence.
- Good project, analysis, problem-solving, and business relationship skills.
- Computer Science Degree or equivalent together with specialised training in new technologies and legacy systems.
- Demonstration of NTT Ltd.’s core values of Pro-activity, Teamwork, Professional Excellence, Partnership, Personal Commitment and Multi-Cultural Strength.
Academic Qualifications and Certifications:
- Degree / Certifications – Information Technology
- Security Certifications – CISSP or equivalent (Highly Desirable)
- At least 8 - 10 years’ experience in Technology Information Security Industry
What will make you a good fit for the role?
- Visionary, inspires efforts; influences long-term strategy
- Prepares people for unidentified challenges/uncertainty
- Sets direction/strategy for more than one functional area or geographical marketplace, where each one has its own leader
- Develops organisation-wide policies and authorises their implementation
- Has in-depth knowledge of the organisation as well as external factors affecting the organisation
- Promotes innovative and new concepts and ideas
- Influential inside and outside the organisation
- Internally and externally interacts with C-suite and consultants
- May negotiate with clients on extremely critical matters
- Influences long-term vision that has corporate consequence
- Mistakes will impact the company’s viability