Senior Manager: Compliance and Data Protection
Key purpose:
Compliance and Data Protection Management is a global position that supports the NTT business by protecting NTT's brand and warranting compliance with its regulatory and contractual obligations. A critical component of this role is to ensure strategic and operational alignment to the global objectives of the Chief Security Office (CSO) and NTT Holdings. This role is accountable for the preparation, monitoring and implementation of controls for successful completion and maintenance of various compliance programs, including ISO27001, SOC etc., in line with the NTT Ltd Information Security Management System (ISMS), ensuring that information security is effectively managed in all services and business functions within the region.
Duties and responsibilities:
Monitor the development, evaluation and implementation of cybersecurity controls and ensure protection of company and allied assets and information
Support and review customer and vendor contracts to understand and communicate compliance requirements.
Consult with business and technical leadership to ensure that data, processes and technology are designed for data protection and compliance
Monitor investigations and documentation of cybersecurity compliance issues and incidents
Review information security risk findings and non-compliance with business leaders and propose solutions to mitigate risks
Select, develop and evaluate a team to ensure the efficient operation of the function
Contribute to the Group ISMS content development, maintenance and maturity
Advise and report to the CSO on all ISMS operational controls, processes and compliance status
Implement and monitor information security operational requirements and information security design criteria and templates
Review the security policy with the relevant 3rd parties ensuring that ISM service requirements are met and that integration into access management and security reporting occurs
Log major service requests for ISM transition and ensure that service activation, knowledge transfer and change management processes take place
Manage the prevention and resolution of security breaches and ensure incident and problem management processes are initiated.
Perform baseline security reviews and monitor operational security activities according to the policy
Develop, scope and discuss security service audit schedules, review access authorisation and perform the required access controls and penetration testing to identify security weaknesses
Document improvement in service design and ensure that the required security plan is developed and reviewed
Experience:
Demonstrable experience gained within the Technology Information Security Industry
Demonstrable experience leading and coaching a team
Required Qualifications and Certifications
Relevant bachelor's degree, such as a Computer Science degree or equivalent
Security certifications ISO27001 Lead Auditor; CISA, CRISC or equivalent
Knowledge, skills and attributes:
Relevant knowledge of information security management and policies
Sound understanding of security operational processes and controls
Demonstrable understanding of complex inter-relationships in an overall system or process
Maintain up-to-date knowledge of security threats, countermeasures, security tools, and network technologies
Relevant knowledge of technological advances within the information security arena
Relevant solution and service knowledge
Good interpersonal and consultative skills with the ability to map business needs to technology solutions
Ability to discuss and report technology and information security risk with non-technology and executive business stakeholders
Ability to display analytical thinking and a proactive approach
Team player with the ability to display consistent client focus and orientation
Ability to develop, define and articulate ISM strategies
Good strategic thinking and decision-making abilities
Good interpersonal skills with the ability to develop strong business relationships
Ability to plan and organize, with good project management skills