SN Mgr Business Protection & Cloud ComplianceAt Vodafone, we're working hard to build a better future. A more connected, inclusive and sustainable world. As a dynamic global community, it's our human spirit, together with technology, that empowers us to achieve this.
We challenge and innovate in order to connect people, businesses, and communities across the world. Delighting our customers and earning their loyalty drive us, and we experiment, learn fast and get it done, together.
With us, you can be truly be yourself and belong, share inspiration, embrace new opportunities, thrive, and make a real difference.
The SN Manager Business Protection & Cloud Compliance provides leadership and direction through senior onshore, offshore and external professionals to reduce and avoid the risk of internal/external cyber-attacks by keeping VF infrastructure and services compliant to security requirements. This role is fully accountable from a security and compliance point of view for all the activities private and public cloud related such as the VCI managed cloud assets (OCI and DRCC), the XaaS service environments (AWS, Azure and GCP) incl. the compliance and regulatory related work for CSB and SOX, such as UAM features on cloud. Furthermore, this role is accountable for the Group central vulnerability management, incl. scanning, detecting, and triggering remediation of vulnerabilities inside Group DC locations and Cloud.
The role is accountable to support and coordinate any actions related to S0 /S1 security incidents inside Group Datacenters and Public Cloud Service as well as managing and coordinating Cyber Security Action Notifications (CSAN) in scope of Group DC locations and private and public cloud.
Frequent interaction with Group Cyber Security (CSOC/CDIM) and VCI technology and E2E teams is required. The overall goal is to reduce and avoid the impact of internal / external cyber-attacks by keeping Vodafone cloud infrastructure and services compliant to security requirements to protect Vodafone customers, data, services, and brand.
The accountability of this role includes and fully covers:
Management, tracking and coordination for all critical security incidents with impact on the cloud environment and on-premise DC locations (S0, S1)Accountability for the security activities assigned to VCI in the Crisis & Emergency procedure with particular focus on ransomware attacks for cloud assetsDevelops, adapts and executes strategies on the technology and business needs with specific focus on security and risk reduction in order to protect VF infrastructure, products and services from internal/external cyber-attacksSecurity prevention: manage Cyber Security Action Notice (CSAN) and announcements inside the cloud perimeter and on-premise DC locationsEnsure by management and coordination full cloud compliance with regards to Patching, VN Management, Hardening and endpoint protectionCollaboration with VCI Public Cloud Services, technical / End-to-End teams, and Local Markets / Group Entities to implement security incident related actionsSupervisor of UAM best practices in cloud environments and related complianceDefinition, implementation, enhancement, and maintenance of a VCI "private & public cloud security governance framework" which fulfils the requirement of the applicable Cyber Security baseline controls for patching, hardening, vulnerability mgmt., UAMManagement of private and public cloud security related improvements to close any compliance gaps affecting VCIRollout to 100% coverage, maintain and manage the central Vulnerability Management function (on-premises and Cloud perimeter)Decisions are guided by major operational segment strategies and priorities (e.g P0 items of the Tech2025 strategy, Group Cyber goal framework)Close interaction with supporting Group functions and alignment with key stakeholders inside Local Market /Group Functions is mandatory to successfully delivery on the role.
This includes:
Functional management of and collaboration with the international VCI teams that carry out tasks related to security incidents on cloud infrastructure (overall governance)Acting as coordinator and/or focal point / single point of contact for "Security Incident Response" within the VCI organisation (S0/S1)Key accountabilities and decision ownership:Manage S0, S1 security incidents with impact on VCI cloud perimeterPrivate & Public Cloud Security ComplianceResponse to security incidents and security notificationsAccountable for SOX & CSB compliance inside CloudAccountable for the central Vulnerability Management functionKey performance indicators:98+% S0 / S1 incident support & CSANs managed within the timeline defined in the Group Cyber Security policies95+% compliance of VCI private and public cloud services with the Cyber Security Baseline controls98% coverage and fulfilment of SLAs for central Vulnerability ManagementCore competencies, knowledge, and experience:10-12 years proven IT Service experience with knowledge of IT platforms, operating system, or application servicesWorking experience in IT security, with a strong focus on incidents management and cloud securityStrong read/write capabilities in EnglishStructured, organized, and conscientiousVery good coordination and communication abilities on complex and scaled contextsMust have technical / professional qualifications:Bachelor's / Master's degree in IT engineering, business management or proof of comparable working experienceStrong understanding of IT securitySolid understanding of private & public cloud architectureGeneral background of IT service managementExperience with the ISO 27000 norms family; general understanding of risk management concepts, SOX, PCI-DSS, GDPR, ITIL and agile/SAFe methodologiesExperience in coordination and management of functional work within international teamsReports:Direct reports: 5
Dotted reports: > 30 (VOIS TSSI, TSSR)
Location: Italy - MilanWho we areYou may have already heard of Vodafone - We're a leading Telecommunications company in Europe and Africa. But what you might not know is that we are continuously investing in new technologies to improve the lives of millions of customers, businesses and people around the world, creating a better future for everyone.
As part of our global family, whether that's Vodafone, Vodacom or _VOIS, you'll feel a sense of pride and purpose as you contribute to our culture of innovation. We pursue equality of opportunity and inclusion for all candidates through our employment policies and practices. We recognise and celebrate the importance of diversity and inclusivity in our workspace and we do not tolerate any form of discrimination especially related to but not limited to race, colour, age, veteran status, gender identification, sexual orientation, pregnancy, ethnicity, disability, religion, political affiliation, trade union membership, nationality, indigenous status, medical condition, HIV status, social origin, cultural background, social, or marital status.
Together we can.
Vodafone is committed to attracting, developing and retaining the very best people by offering a motivating and inclusive workplace in which talent is truly recognised and rewarded. We are committed to promoting Inclusion for All with the belief that diversity plays an important role in the success of our business. We actively encourage everyone to consider becoming a part of our journey.
#J-18808-Ljbffr
