Location: Thailand / India / Malaysia / Vietnam / Phillippines / Singapore / Indonesia / Australia / Myanmar
*Not a relocation role
Open for External Reference: Yes
As the tech firm that created the mobile world, and with more than 54,000 patents to our name, we’ve made it our business to make a mark. When joining our team at Ericsson you are empowered to learn, lead and perform at your best, shaping the future of technology. This is a place where you're welcomed as your own perfectly unique self, and celebrated for the skills, talent, and perspective you bring to the team. Are you in?
Come, and be where it begins.
Our Exciting Opportunity:
MOAI has a team of security professionals supporting the business by setting the strategic direction for Information Security, IT Security, Privacy, Risk Management, Solution Security and Security Operations domains. The team provides support and guidance to all units in MOAI as well as other security and non-security functions cross Ericsson.
The MOAI Security Strategy & Risk Manager is overall responsible for ensuring that MOAI maintains order and uniformity in our Security Risks in line with Group Policies and Directives. Also, the MOAI Security Strategy & Risk Manager is responsible for maintaining a structured and proactive approach for strategy execution and driving the MOAI Security tactical plan.
The MOAI Security Strategy & Risk Manager reports to Head of MOAI Security.
Purpose of Job Role
The MOAI Security Strategy & Risk Manager is responsible in ensuring that we have a robust strategy/tactical plan developed and executed across all security domains. This function is also responsible for maintaining the MOAI security risk register in line with Group Directives. This role should ensure effective governance in MOAI and ensure security risks are managed and synchronized across all units in MOAI as well as with relevant stakeholders in all BAs/MAs/GFs. This role should ensure that risks are analyzed and categorized to make sure ISRA results can be presented to decision makers in a simple and comprehendible way.
This role belongs to JR 31184801 Security Management.
The MOAI Strategy & Risk Manager reports directly to the Head of Security MOAI and have the following responsibilities across the MA:
• Drive and coordinate strategy and tactical plan development and execution cross all domains in MOAI Security, ensuring targets are achieved.
• Support the Head of Information Security in MOAI with Information Security Risks Assessment (ISRA) process.
• Prepare material for governance meetings, e.g. MOAI Security LT, across all units. Be the point of aggregation in MOAI Security.
• Contribute to internal and external security assessments or audits.
• Ensure severe incidents are followed up on in SMB and other governance meetings and were applicable record decisions taken is such form.
• Drive and consolidate Security Improvement plan based on input from Risks, internal assessments, audits and ISMS maturity.
• Actively promote a well-functioning risk management practice in the MA.
• Follow up on all Risk Treatment Plans (RTP) and ensure execution.
• Handle risk escalations towards Group and other MAs/BAs.
• Manage MOAI exemptions including risk assessment and life-cycle of the exemptions.
• Analyze and consolidate key risks and trends in risk assessments.
• Quality assurance of risk assessments, e.g. ISRA – Information Security Risk Assessments, Privacy Impact Assessment (PIA), Business Impact Assessment (BIA), etc., and ensure data is aggregated to comprehendible decision material.
• Proactively support in improvements, simplification and automation of security and privacy risk management.
• Support the Head in Information Security in MOAI in ensuring that MOAI have the right level of ISMS implementation to be compliant with the ISO27001 standard.
• Ensure high and very high risks are escalated and followed up on in MOAI Security LT and other meetings, and where applicable record decisions taken is such forms.
• Ensure establishment and compliance of secure and appropriate storage, e.g. Eridoc, teams, Sharepoint etc.
• An annual Tactical Plan for MOAI Security.
• An annual Dashboard for reporting on the Tactical Plan.
• MOAI Security LT presentation material.
• Continuous tracking of risks and mitigations.
• Continuous tracking of security exemptions.
• Aggregated ISRA decision material.
• Audit material.
• Line Manager: Head of MOAI Security
• MOAI Security LT
• Group Security
• Enterprise Security Directors
• Customer Security Directors
• MOAI LT
• MOAI Strategy, Marketing & Communications
• MOAI compliance management
• BA/MA/GF Security Risk peers
• IT Security Risk function
• Adapting & responding to change
• Adhering to Ericsson principles & values
• Consultative approach
• Coping with pressures & setbacks
• Formulating strategies & concepts
• Deciding and initiating action
• Leading & supervising
• Persuading & influencing
• Planning & organizing
• Working with people
• Delivering results and meeting customer expectations
Personal traits and skills
• Drive Competence development
• Uncompromising integrity
• Excelling execution
• Embracing change
• Enabling people
• Courageous leadership
Qualifications and Experience
• Strong knowledge in Ericsson Security Policies, Directives and Instructions & knowledge of Ericsson business environment
• Strong educational and work experience in IT and Information Security with minimum 10 years of hands on experience in these domains
• Knowledge of Information Security related standards and regulation, including ISO/IEC 27001, ISO27005, ISO 31000, SOC
• Security and Risk Management training/certifications or equivalent experience
• Ability to communicate and collaborate effectively
• Strong problem-solving skills, results-oriented and a strong team player.
• Knowledge of internal and external product portfolio related to security
• Experience in project or program management
Why Join Ericsson?
At Ericsson, you´ll have an outstanding opportunity. The chance to use your skills and imagination to push the boundaries of what´s possible. To build never seen before solutions to some of the world’s toughest problems. You´ll be challenged, but you won’t be alone. You´ll be joining a team of diverse innovators, all driven to go beyond the status quo to craft what comes next.
What Happens once you apply?
Click Here to find all you need to know about what our typical hiring process looks like.
Encouraging a diverse and inclusive organization is core to our values at Ericsson, that's why we nurture it in everything we do. We truly believe that by collaborating with people with different experiences we drive innovation, which is essential for our future growth. We encourage people from all backgrounds to apply and realize their full potential as part of our Ericsson team.
Background Check: All employment offers to join Ericsson are subject to satisfactory completion of our global pre-employment check.
We are proud to announce Ericsson SG has been again officially Great Place to Work Certified™ in 2022. Every year, more than 10,000 organizations from over 60 countries partner with the Great Place to Work® Institute for assessment, benchmarking and planning actions to strengthen their workplace culture and this Certification acknowledges our employees value their employee experience and our workplace culture