The Infrastructure Security Practice forms part of the Enterprise Information Security Office (EISO) at SITA. Our mission statement is to ensure the infrastructure supporting the SITA products and solutions meets defined corporate, market and regulatory compliance requirements so it can enable SITA’s business objectives.
The team provides both leadership and governance in the secure development and operations of SITA’s infrastructure (DevSecOps). The remit covers all the shared and dedicated infrastructure supporting SITA as a business, as well as that used to deliver our products and customer solutions.
This is an existing role in SITA to provide governance for infrastructure security design & development. This is an ideal role for someone interested in a career in information security management.
KEY RESPONSIBILITIES
- Capture requirements driven by SITA’s security Policy & Standards, the global regulations we operate under (Critical National Infrastructure, Data Security), our customer’s needs and SITA’s evolving threat landscape.
- Define the product roadmap for technical security controls protecting SITA business systems, offices and networks.
- Develop an understanding of the wider security technology and vendor landscape, incorporate this into your planning.
- Analyze data and make reasoned assumptions to draw insight in support of decision making
- Communicate and justify plans to SITA leadership, operational teams, and other stakeholders to gain acceptance and support.
- Follow the SITA technology governance and purchasing processes to select technologies and vendors including running RFPs and competitive bids.
- Manage vendor relationships.
- Lead virtual, cross-functional teams to productize technical security controls through the SITA agile product innovation framework.
- Own the whole product lifecycle for the technical security controls.
- Financial modelling, business case creation and engagement with investment governance and financial reporting.
- Establish yourself as a Subject Matter Expert.
- Support audits, incidents, and escalations.
- Present to regulators, industry bodies and other external stakeholders.
EXPERIENCE
- 3+ years’ experience in a complex IT environment.
- Degree in a technical discipline (e.g. Information Security, Computer Science, Engineering, Mathematics, etc.) or sufficient work experience to demonstrate proficiency at this level.
KNOWLEDGE & SKILLS
- Understanding of IT services (cloud & on-premise), ideally with a Managed Services provider (IT / security / telecoms).
- Business analytical skills (data analysis & presentation).
- IT security governance qualification (CISSP, CSSP, CISM, CRISC).
- Previous experience in information security with a high-level understanding of security frameworks (e.g. ISO 27001, NIST CSF, CSA CCM).
- Previous experience of Agile and / or DevOps methodologies.
- Experience of risk management applications (OneTrust)
We're all about diversity. We operate in 200 countries and speak 60 different languages and cultures. We're really proud of our inclusive environment. Our offices are comfortable and fun places to work, and we make sure you get to work from home too. Find out what it's like to join our team and take a step closer to your best life ever.
🏡 Flex Week: Work from home up to 2 days/week (depending on your team's needs)
⏰ Flex Day: Make your workday suit your life and plans.
🌎 Flex-Location: Take up to 30 days a year to work from any location in the world.
🌿 Employee Wellbeing: We have got you covered with our Employee Assistance Program (EAP), for you and your dependents 24/7, 365 days/year. We also offer Champion Health - a personalized platform that supports a range of wellbeing needs.
🚀 Professional Development: Level up your skills with our training platforms, including LinkedIn Learning!
🙌 Competitive Benefits: Competitive benefits that make sense with both your local market and employment status.
