IS Department Manager for GBS IS Security Expertise

Your responsibilities

• Collaborating with the Corporate IS Information Security, Corporate IS Governance Risk and Compliance, GBS IS Consumer Excellence, GBS IS Capabilities, GBS IS Domains, Business IS and 3rd Party IS Suppliers to ensure understanding of existing business requirements, new service demand and security design and roadmap.
• Establishing and delivering risk driven guidance and resilience testing services aiming to improve overall security posture across ABB IS landscape and minimize potential negative business and reputation impact in case of security incident.
• Promoting secure software development practices and providing risk quantification, advanced security consulting / advisory and application resilience validation services across ABB IS landscape in alignment with Corporate IS Information Security guidance, design, and roadmap. Ensuring periodic security posture reporting to the business and suggesting risk driven resolutions.
• Implementing effective interfaces between local/corporate IS teams for all security activities and, where required, ensuring adherence to demands in line to agreed service level agreements (SLAs), that agreed time, budget and quality specifications are met. Implementing department’s practice expertise leading to improved efficiency or operational functionality.
• Providing timely and accurate reporting for all security services delivery to
• various Corporate IS or Business IS functions.
• Building strong relationship with key stakeholders in Corporate IS Functions, Business IS and GBS IS. Ensuring that tracking and monitoring of performance of service delivery through all channels (human, digital, self-service, automated) is carried out, metrics and reports are analyzed, and issues are resolved to meet agreed service levels.
• Establishing and monitoring a comprehensive risk focused monitoring metrics to ensure efficient delivery of security services meeting business requirements. Developing and maintaining process for interaction and communication between Corporate IS, Business IS, GBS IS esp. Architecture and Domains to enable risk-based decisions.
• Participating in technological strategy development and planning to ensure build in security. Constantly improving services and solutions to provide better security protection and incident detection across the ABB landscape.
• Proactively developing and maintaining appropriate Security competence within the department, ensuring alignment to given IS goals, ABB Group Regulations and Guidelines, IS Architecture and IS Security best practices. Giving input for the development of IS internal security Policies and Standards.
• Collaborating with Corporate IS, GBS IS Capabilities Architecture, GBS IS Domains and Business IS to understand related business process demand to existing or new relevant IS solutions.
• Managing senior security professionals and groups. Determining and delegating management responsibilities. Setting performance objectives, and monitoring progress against agreed quality and performance criteria. Initiating, developing, and monitoring effective performance management processes. Setting the example for proactively building working relationships within the team, Corporate IS, GBS IS Domains, Businesses and Consumers.
• Living ABB’s core values of safety and integrity, which means taking responsibility for your own actions while caring for your colleagues and the business.

Your background

• Bachelor’s or Master’s degree in Information Technology, Computer Science, Software Engineering, or a related qualification, and/or proven capability through past employment experience.
• 15+ years of Information Security and/or Information Risk Management experience with at least 6 years in leading service delivery and security operations.
• Very strong skills in risk assessment and management, consultancy, secure software development life cycle and application resilience validation (scanning, Penetration Testing, Ethical Hacking etc.).
• Strong experience in security services operations from design, launch and maintenance across network, end point, datacenter/cloud, vendor management etc.
• Practical experience in common information security management frameworks, such as International Standards Organization (ISO) 2700x, National Institute of Standards and Technology (NIST) 800-53.
• Excellent leadership skills to manage and motivate distributed, international teams, experience in building strong relationships with internal and external stakeholders.
• Strong knowledge of the following areas of technical expertise: information security management and governance, IT risk assessment and management, IT Audit, the overall context of business processes and IS technologies.
• Excellent written and verbal communication skills, and ability to present com-plex and technical issues to diverse audiences including senior management.
• ITIL 4 Foundation certification required.
• CISM (Certified Information Security Manager), CISA (Certified Information Systems Auditor), CISSP (Certified Information Systems Security Professional), Certified Cloud Security Professional (CCSP) certifications required.