Information Security Manager

As an Information Security Manager, you’ll be responsible for the security of the organisation’s information assets. You will develop and implement a strategy to protect sensitive data from loss or theft while ensuring that business operations are not disrupted.

Information Security Management has the responsibility to work closely with the Information Security Office (CISO) team to contribute in developing and enhancing the global Information Security Strategy and will have the responsibility and accountability for translating, directing, and implementing the global Information Security strategy across the NTT organisation. Incumbents within this role are responsible for technical leadership within the Information Security function and liaising closely with other managers on matters of Information Security. Information Security Management is responsible for safeguarding against current and future security risks. This role collaborates with other NTT key stakeholders and the broader NTT Information Security community to establish the vision, tenets, and comprehensive security strategy to mitigate risks. They will leverage their technical expertise and strong business acumen to de ne objectives, priorities, and establish appropriate milestones and actions to ensure the reduction of risk through the implementation of security controls and recommended mitigation strategies are delivered on, as committed to key senior management.

**Requirements**:

- Manages the development, deployment and execution of controls and defences to ensure the security and risk mitigation of company infrastructure technology, information systems and digital payment systems.
- Identifies cybersecurity architecture, goals, objectives and metrics; analyzes business needs and priorities for protection of critical systems.
- Monitors systems for cybersecurity vulnerabilities, threats and events, oversees incident response planning, and leads vulnerability audits and forensic investigations.
- Evaluates potential business impacts from security breaches and provides strategic and tactical guidance to business decision-makers.
- Develops and executes security systems compliance policies and procedures. Selects, develops and evaluates personnel to ensure the efficient operation of the function.

**Key Roles and Responsibilities**
- Provide line management and mentorship of a team of Security Engineers, Security Consultants, Security Architects and DevSecOps Engineers
- Define the overall strategic security architecture vision in conjunction with the CSO - TPS
- Provide technical leadership on security initiatives
- Provide leadership and direction for the TPS Information Security staff embedded and distributed throughout the organisation
- Lead cross-functional teams in implementing Information Security
- Liaise with and provide SME advice on Information Security matters such as BAU security activities, emerging security risks and relevant security controls, across the TPS functions (such as Research & Development, Corporate IT Management, Governance, Risk & Compliance Management, HR and Legal, Product Engineering, Product Management and Operations) in addition to senior management, department heads and managers as necessary
- Work with department heads and other managers to champion the priority of security initiatives
- Deliver a “Center of Excellence” for Information Security, offering internal consultancy, advice and pragmatic assistance on Information Security risk and control matters throughout the organisation and promoting the advantages of managing Information Security risks more efficiently and effectively
- Provide leadership and strategic direction for the function, ranging from planning and budgeting to the value of Information Security & Certifications
- Build a culture of security and create a compelling security vision and strategy for the company
- Develop a layered defence strategy to protect our assets
- Function as an internal consulting resource on Information Security issues and incidents
- Provide strategic security oversight and risk guidance for projects and products, including the evaluation and recommendation of technical controls and solutions
- Mitigate enterprise vulnerabilities and reduce attack surface vectors identified through Security reviews and controls implementation
- Help ensure compliance with applicable data security laws, regulations, and customer requirements
- Develop, manage, and execute the TPS’ Information Security budget in collaboration with business stakeholders
- Security Architecture function:

- Commission Information Security risk assessments and controls selection activities
- Commission ongoing review and analysis of internal and external security risks/vulnerabilities, and develop/implement cost effective, proactive risk mitigation programs
- Security Engineering (build) function:

- Commission Information Security controls build processes for Security controls, client-buil