Senior IT Security Services Specialist

at  British American Tobacco

ESSENTIAL EXPERIENCE:

• Degree in Computing Science or related domains.
• At least 2+ years of professional experience in cyber security with a record of increasing scope and responsibility.
• 3+ years professional experience in IT services: Change management, Incident management, IT asset management, Service request management.
• Experience managing and communicating with business partners on different levels of the organization.
• Ability to translate technical language into readily understandable language for business users.
• Experience assessing cyber risks of projects, vendors, and technologies & understanding of cyber security management, technologies, architecture, and audits.
• Project Management experience in cyber security or IT.
• Business fluent language skills in English
• ITIL Certificate

TECHNICAL, FUNCTIONAL AND LEADERSHIP SKILLS:

• Knowledgeable of cyber security aspects related to networking, application development, ops, incident response, 3rd party vendor management and OT.
• End-2-end cyber security knowledge in different business areas (manufacturing, finance, marketing / eCommerce, HR, legal, supply chain, sales / trade, physical security).
• Understanding cloud and SaaS configuration management and risk reduction (focus on Azure and AWS) and how to protect and detect potential threats in those environments.
• Ability to think clearly, prioritize and make decisions under time-sensitive and high-pressure conditions.
• Business acumen, ability to articulate both businesses, commercial and technical ideas clearly and simply.
• Familiarity with network and system administration, including configuring and maintaining secure network infrastructure.
• Understanding of encryption technologies, secure coding practices, and security architecture design.
• Understanding of configuration for network devices, security tools, such as firewalls, intrusion detection systems, and antivirus software.

• Be the 1st point contact for cyber security matters in the Direct Reporting Business Unit (DRBU) and focus on continuous monitoring of security vulnerabilities.
• Establish and execute security remediation plan for infrastructure, hardware, and applications in line with business proprieties and Information & Digital Technology (IDT) leadership agenda. Track progress, overview budget and act as owner for all security remediation for DRBU.
• Maintain assets baseline in VMS and Balbix (IP ranges, hardware and any network device) & monitor application inventory in internal tool (LeanIX) is up to date.
• Deliver aligned cyber security KPIs in DRBU. Coordinate and execute actions needed to be on target.
• Risk assessments for projects coming from DRBU. Track all internal process requests for application evaluation (AURA) (security assessment work for new applications and technologies) for DRBU. Reassessments of risks after agreed time, to ensure continuous cyber compliance.
• Management of cyber risk with appropriate DRBU stakeholders.
• Collaborate with IT teams to ensure the implementation of secure network infrastructure and systems, as well coordinate with local IT representatives wherever necessary and functional Information & Digital Technology (IDT) teams for applications security remediation.
• Provide training material and awareness content for DRBU, prepare executive level updates on monthly basis.
• Be the Cyber focal point to support Cyber Incident response team with information and DRBUs contacts. Required during incidents and investigations.