The selection, design, justification, implementation and operation of controls and management strategies to maintain the security, confidentiality, integrity, availability, accountability and relevant compliance of information systems with legislation, regulation and relevant standards.
- Information security
- Explains the purpose of and provides advice and guidance on the application and operation of elementary physical, procedural and technical security controls.
- Performs security risk, vulnerability assessments, and business impact analysis for medium complexity information systems.
- Investigates suspected attacks and manages security incidents.
- Uses forensics where appropriate.
- Actively maintains knowledge in one or more identifiable specialisms.
- Provides detailed and specific advice regarding the application of their specialism(s) to the organisation's planning and operations.
- Recognises and identifies the boundaries of their own specialist knowledge.
- Collaborates with other specialists, where appropriate, to ensure advice given is appropriate to the needs of the organisation.
- Within given research goals, builds on and refines appropriate outline ideas for research, including evaluation, development, demonstration and implementation.
- Applies standard methods to collect and analyse quantitative and qualitative data.
- Creates research reports to communicate research methodology and findings and conclusions. Contributes sections of material of publication quality.
- Uses available resources to update knowledge of any relevant field and curates a personal collection of relevant material. Participates in research communities.
Emerging technology monitoring
- Supports monitoring of the external environment and assessment of emerging technologies to evaluate the potential impacts, threats and opportunities to the organisation.
- Contributes to the creation of reports, technology roadmapping and the sharing of knowledge and insights.
- Investigates minor security breaches in accordance with established procedures. Assists users in defining their access rights and privileges. Performs non-standard security administration tasks and resolves security administration issues.
- Contributes to digital forensic investigations. Processes and analyses evidence in line with policy, standards and guidelines and supports production of forensics findings and reports.
- Maintains current knowledge of malware attacks, and other cyber security threats.
- Creates test cases using in-depth technical analysis of risks and typical vulnerabilities.
- Produces test scripts, materials and test packs to test new and existing software or services.
- Specifies requirements for environment, data, resources and tools.
- Interprets, executes and documents complex test scripts using agreed methods and standards.
- Records and analyses actions and results.
- Reviews test results and modifies tests if necessary.
- Provides reports on progress, anomalies, risks and issues associated with the overall project.
- Reports on system quality and collects metrics on test cases.
- Provides specialist advice to support others.
- Global IT
- Respective business function (GOPS, Finance, HR, Brand Marketing, Wholesale/Retail)
- HR Management
- Four-year college or university degree with focus on Business Administration or IT or related areas, or equivalent combination of education and experience
- Proficient spoken and written command of English
- At least 5 years of experience in IT
- 2 years of experience in a relevant area
- 1 year of experience in team management
- Understanding of different cultures
- Participated in projects with people from other functions/markets