Information Security Officer

**Role Purpose**:
The role is within the Security Operations team, develop to create a security office capability in our Bangalore office. The Information Security Officer will be responsible for owning, reviewing, and supporting various aspects of the Getronics security portfolio and activities, including but not limited to security incident management, vulnerability assessments, privileged access management, multi-factor authentication, process governance, and design reviews, documentation, and approvals. The information Security officer will also provide a supporting role for Security Managers.

Being conversant with modern security requirements and processes including ISO standards and the EU GDPR, PCI-DSS, SOX and ISAE3402 compliance experience is an additional asset.
Be aware of and conversant with the security services marketplace and developments.
Own any security contract relationships to ensure adherence to contracts and requirements.
Ensure adherence and implementation of Getronics Group security ISMS, policies, and processes in the operations teams.
Assist in the review and approval of responses to RFQ security questions.
Assist with audit requirements internally and externally working closely with our audit and compliance teams.
Ensure Security incident reporting policies and procedures are in place across the operations teams and communicated.
Evaluates security incidents and determine what response, if any, is needed and coordinates Getronics responses and the wider operations teams.
Act as security incident handler during security incidents. Working together with the operational teams, Major Incident Management, and other required parties during a security incident
Ensure processes are in place to ensure actions are taken when threats are identified, working closely with the wider operations and security teams

**Responsibilities/Accountability**:
Review, assess & recommended action for operational delivery services to ensure they are following security best practices & company policies, building security into day-to-day thinking and practices across the delivery.
Review and follow up on vulnerability management reports, prioritize remediation activities, and create, own and drive service request tickets with the relevant operational teams.
Review and follow up on penetration testing reports, prioritize remediation activities, and create, own and drive service request tickets with the relevant operational teams.
Own and support security incidents internally and for customers to ensure appropriate security expertise and management are provided, and support all operational teams were required during incidents to ensure security is adequately covered.
Assist in the design and documentation of security solutions, ensuring security by design/default is incorporated into everything Getronics delivers internally and to our customers.
Where required take ownership of operational plans to ensure all security commitments are addressed and continuous improvement plans (CIPs) are in place to address any gaps.
Working closely with the Security & Compliance team to develop the security strategy & roadmap in line with emerging threats & the changing landscape of IT Services.
Working closely with Security & Compliance team to continually develop the Security Profile for Getronics.
Working in collaboration with the wider Getronics business to continue to develop and document the Security portfolio offering generating all portfolio readiness collateral, propose & manage external security partnerships that would allow Getronics to offer in its portfolio specific security services and map this to renewals and pipeline.

Skills/Experience

Excellent Communications skills, B2/C1 level English is a must
Preferably educated to degree level in a technology discipline
Demonstrates knowledge of IS027001, ISO22301, EU GDPR & PCI-DSS, ISAE3402 SOC Type I & Type II
Ideally at least 5 years of experience in general IT, either in support, administration or security in a large multi-sector environment
Analytical thinking and problem-solving skills with a focus on results
Flexibility and ability to work in a multinational and multicultural environment in a 24×7 rota when required
Experience of multi-vendor-managed outsourcing environments.
Overseeing and conducting risk management activities (risk assessment, gap analysis, business impact analysis, threat and vulnerability evaluations, etc.) to help the enterprise reach an acceptable level of risk.

Qualification/Certification requirements

Industry accepted IT Security certification e.g. CISSP. CISM or ISSMP an advantage.
About Getronics

Getronics is an ICT Services group consisting of the Getronics and Connectis brands. With an extensive history that extends over 130 years, the Getronics family has 4000+ employees in 22 countries across Europe, Asia Pacific, Latin America, and has a complete portfolio of integrated ICT services for the large enterprise and public sector