Information Security Manager

NTT is a leading global IT solutions and services organisation that brings together people, data and things to create a better and more sustainable future.

In today’s ‘iNTTerconnected’ world, connections matter more now than ever. By bringing together talented people, world-class technology partners and emerging innovators, we help our clients solve some of the world’s most significant technological, business and societal challenges.

With people at the heart of our success, NTT is committed to attracting and growing the best talent and providing an environment where everyone feels they can belong and their contribution matters.

**Want to be a part of our team?**

**Working at NTT**

Information Security Management has the responsibility to work closely with the Information Security Office (CISO) team to contribute in developing and enhancing the global Information Security Strategy and will have the responsibility and accountability for translating, directing, and implementing the global Information Security strategy across the NTT organisation. Incumbents within this role are responsible for technical leadership within the Information Security function and liaising closely with other managers on matters of Information Security. Information Security Management is responsible for safeguarding against current and future security risks. This role collaborates with other NTT key stakeholders and the broader NTT Information Security community to establish the vision, tenets, and comprehensive security strategy to mitigate risks. They will leverage their technical expertise and strong business acumen to define objectives, priorities, and establish appropriate milestones and actions to ensure the reduction of risk through the implementation of security controls and recommended mitigation strategies are delivered on, as committed to key senior management.

**Key Roles and Responsibilities**:

- Provide line management and mentorship of a team of Security Engineers, Security Consultants, Security Architects and DevSecOps Engineers
- Define the overall strategic security architecture vision in conjunction with the CSO - TPS
- Provide technical leadership on security initiatives
- Provide leadership and direction for the TPS Information Security staff embedded and distributed throughout the organisation
- Lead cross-functional teams in implementing Information Security
- Liaise with and provide SME advice on Information Security matters such as BAU security activities, emerging security risks and relevant security controls, across the TPS functions (such as Research & Development, Corporate IT Management, Governance, Risk & Compliance Management, HR and Legal, Product Engineering, Product Management and Operations) in addition to senior management, department heads and managers as necessary
- Work with department heads and other managers to champion the priority of security initiatives
- Deliver a “Center of Excellence” for Information Security, offering internal consultancy, advice and pragmatic assistance on Information Security risk and control matters throughout the organisation and promoting the advantages of managing Information Security risks more efficiently and effectively
- Provide leadership and strategic direction for the function, ranging from planning and budgeting to the value of Information Security & Certifications
- Build a culture of security and create a compelling security vision and strategy for the company
- Develop a layered defence strategy to protect our assets
- Function as an internal consulting resource on Information Security issues and incidents
- Provide strategic security oversight and risk guidance for projects and products, including the evaluation and recommendation of technical controls and solutions
- Mitigate enterprise vulnerabilities and reduce attack surface vectors identified through Security reviews and controls implementation
- Help ensure compliance with applicable data security laws, regulations, and customer requirements
- Develop, manage, and execute the TPS’ Information Security budget in collaboration with business stakeholders
- Security Architecture function:

- Commission Information Security risk assessments and controls selection activities
- Commission ongoing review and analysis of internal and external security risks/vulnerabilities, and develop/implement cost effective, proactive risk mitigation programs
- Security Engineering (build) function:

- Commission Information Security controls build processes for Security controls, client-build and new services build activities
- Security Assurance function:

- Oversight in implementing and maintaining Application Security tools, processes and best practices
- Commission Security Testing (penetration testing) for new projects, compliance and annual BAU testing
- Commission Vulnerability Management for new projects, compliance and ongoing BAU activities
- Use an integrated risk management approach t