Information Security Officer

At NTT we believe that by using innovative technology we can solve global challenges and create a world that is sustainable and secure. We are looking for curious people, from diverse backgrounds, that are keen to work in a fast-paced and agile environment.

At NTT we trust our employees to do the right thing, even when no one is watching, which is why we offer flexibility in the workplace. The majority of our roles are hybrid, meaning we encourage a balance of working from home and our local office. Ask our recruitment team if this is a hybrid role.

**Want to be a part of our team?**

The purpose of the position is to support the business, protecting Merchants, Dimension Data and NTT brands, guaranteeing compliance to regulatory and contractual obligations, taking accountability for the information security management system (ISMS) regional alignment and implementation. Ensuring that information security is effectively managed in all services and business functions within

orgnisation.

**Working at NTT**

**Security Program Management**
- Oversees and acts as a key stakeholder in managing the organisations’s information security program
- Delivers a “Centre of Excellence” for information security, offering internal consultancy, advice and pragmatic assistance on information security risk and control matters throughout the organisation
- Promotes the advantages of managing information security risks more efficiently and effectively.
- Manages employees (direct & indirect), infrastructure, policy enforcement, emergency planning,
- security awareness, and/or other resources.

**Risk Management**
- Oversees, evaluates, and supports the documentation, validation, and accreditation processes necessary to ensure new and existing information technology (IT) systems meet the organisation’s information assurance and security requirements.
- Ensures appropriate treatment of risk, compliance, and monitoring assurance from internal and external perspectives.
- Maintains a regional risk register and reports to Risk & Compliance manager as defined.

**Information Systems Security Operations**
- Oversees and ensures that the appropriate operational security posture (e.g., network and system security, physical and environmental protection, personnel security, incident handling, security training and awareness) is implemented and maintained for an information system and or programs.
- Consults with stakeholders (group/regional Legal, Compliance & Privacy Officers, Sales & Product Management) to guide, gather and support business requirements pertaining to information security.

**Vulnerability Assessment and Management**
- Conducts threat and vulnerability assessments and determines deviations from acceptable configurations or policies.
- Assesses the level of risk and develops and/or recommends appropriate mitigation countermeasures in operational and non-operational situations.

**Enterprise Network Defence Analysis**
- Uses defensive measures and information collected from a variety of sources to identify, analyse, and report events that occur or might occur within the enterprise network in order to protect information, information systems, and networks from threats.

**Systems Security Analysis**
- Conducts and documents the systems integration, testing, operations, maintenance, and security of an information environment.
- Coordinates risk, threat and mitigation strategies across the enterprise.

**Systems Requirements Planning**
- Consults with stakeholders to guide, gather, and evaluate functional and security requirements.
- Translates these requirements into guidance to stakeholders about the applicability of information systems to meet business objectives.
- Provides strategic direction for the function, ranging from planning and budgeting to the value of information security & certification

**Incident Response**
- Responds to security breaches to mitigate immediate and potential threats.
- Uses mitigation, preparedness, response and recovery approaches to minimise business disruptions & commercial consequences.
- Initiates problem management processes to ensure compliance to policy and ITSM processes.
- Investigates and analyses relevant response activities and evaluates the effectiveness of and improvements
- to existing practices.

**Digital forensics**
- Collects, processes, preserves, analyses, and presents digital-related evidence to support network vulnerability mitigation and/or civil, workplace, counterintelligence, or law enforcement (e.g., criminal, fraud) investigations.

**Cyber security investigations**
- Applies tactics, techniques, and procedures to a full range of tools and processes related to administrative, criminal, and counter intelligence gathering (e.g., in-depth case analyses, continuous monitoring, malware analysis, clear documentation).

**Knowledge**
- 5 years’ experience in Technology Information Security Industry
- Proven knowledge of security risks and preventative contr