IT Manager - Ethical Hacking and Vulnerability Management - Vodafone Shared Services Romania

_VOIS (Vodafone Intelligent Solutions) is a strategic arm of Vodafone Group Plc, creating value and enhancing quality and efficiency across 28 countries, and operating from 6 locations: Albania, Egypt, Hungary, India, Romania, and the UK.

Over 26,000 highly skilled individuals are dedicated to being Vodafone Group’s partner of choice for talent, technology, and transformation. We deliver the best services across IT, Care, Business Intelligence Services, HR, Finance, Supply Chain, HR Operations, and many more. Established in 2006, _VOIS has evolved into a global, multi-functional organisation, a Centre of Excellence for Intelligent Solutions focused on adding value and delivering business outcomes for Vodafone.

_VOIS is proud to be an Equal Employment Opportunity Employer. We celebrate differences and we welcome and value diverse people and insights. We believe that being authentically human and inclusive powers our employees’ growth and enables them to create positive impact for themselves and society. We do not discriminate based upon age, colour, gender (including pregnancy, childbirth, or related medical conditions), gender identity, gender expression, and national origin, race, religion, sexual orientation, status as an individual with a disability, or other applicable legally protected characteristics.

Personal Specifications:

• University degree in IT security, 8+ years of IT Security experience including 5+ years of professional full-time ethical hacking/penetration testing/vulnerability assessment experience
• Manual and automated penetration testing experience with open source/ commercial tools covering areas application security, network/infrastructure security, smartphone/tablet security
• Industry recognised certifications Offensive Security, GIAC, ISECOM, (ISC)2, EC-Council, ISACA, ITIL
• Experience in a multi-national, shared services environment, IT intrastructure knowledge, including clear customer service and resolution of escalated issues,
• Cross cultural sensitivity, risk assessment experience
• Experience in compiling penetration testing portfolio/images/test environments, change management
• Experience in administration and configuration of vulnerability scanners and tools required for vulnerability assessments and penetration tests
• Experience in leading technical teams, Ability to articulate technical concepts and security risks to non-technical business owners and management
• Pre-sales experience of ethical hacking, ability to prepare/form ethical hacking agreement
• Excellent English language skills
• Good understanding of MSOffice, including Visio

Functional Skills:

• Strong organisation skills with high level of attention to detail
• Numerate – enjoys working with and analysing data
• Service oriented – delivers outstanding and consistent customer service
• Leading high performance teams over multiple locations
• Delivers results – focused, goal oriented and manages costs
• Enthusiastic – communicates with enthusiasm and clarity

Role Purpose:

Manage, operate and continuously develop the global Ethical Hacking and Vulnerability Management teams, services, supporting infrastructure and related TSB controls for Vodafone Group Technology Security serving Vodafone Local Markets and Group information security needs:
• Manage and develop virtual teams of highly skilled security and technical specialists based in multiple SSC locations (Hungary and India) to ensure quality delivery of best security solutions for the business and return on security investments (ROSI)
• Own and develop Global Ethical Hacking and Vulnerability Management capability, services and processes
• Plan and manage the budget required to operate and develop Ethical Hacking and Vulnerability Management services, controls and environments Group wide
• Define and drive the implementation of the Group level vulnerability management strategy
• Globally own and drive the implementation of vulnerability management, penetration testing, perimeter path analysis and cyber threat intelligence/management Technology Security Baseline (TSB) controls defined and mandated by Group Technology Security
• Have overall accountabililty for Vodafone branded Customer-premises equipment (CPE) internal security test processes and acceptance, Group CPE Security Requirements definition, maintenance and development
• Regularly present global vulnerability management status on Chief Technology Security Officer (CTSO) board meetings
• Manage and oversee all ethical hacking and vulnerability management projects delivered by the teams including the definition of scope and supervising test execution
• Review and approve project deliverables before submitted to Local Markets / test requestors
• Exploit synergies between vulnerability management and ethical hacking / penetration testing activities to ensure their maximum potential and value for business
• Manage and operate vulnerability scanning and assessment services in the Vodafone environment, push vulnerability remediation through the whole vulnerability lifecycle
• Accountable for the development and maintenance of security assessment and testing related Group level policies and standards
• Maintain, operate and develop the VSSB lab and EHVM environments, ensure ITIL compliance
• Maintain and develop process and operations documentation related to the managed systems, services and lab environment
• Ensure compliance with ISO27001 and PCI DSS requirements applicable to managed teams’ processes and activities
• Accountable for security assessments designed to highlight and clearly articulate risk to the business in terms they understand
• Produce relevant management information to key stakeholders
• Establish and manage processes and technologies necessary to ensure that sufficient assessment controls are in place to detect vulnerabilities across Vodafone infrastructure, services and applications
• Develop and manage vendor strategy, evaluate and work with vendors providing tools and technology for vulnerability assessment and testing
• Create and maintain SLAs and KPIs for services provided by the teams
• Provide regular and consolidated reporting on managed services and systems against established KPIs
• Supervise the work of the Ethical Hacking and Vulnerability Management teams and supporting contractors
• Ensure the quality / security management system in service operation

Key Accountabilities:

1. Manage Ethical Hacking Environment and Services
• Manage and operate Ethical Hacking services for Local Markets and Group entities on behalf of Group Technology Security
• Liaise with device and system owners, test requestors, project team, Group and Global Security Operation Centre (GSOC) and teams
• Keep up to date with system developments and assess usefulness to Vodafone deployment
• Extend and develop global Ethical Hacking capability, environment and lab to support increased demand for services
• Develop and present business cases for resources, tools and technologies required to deliver Ethical Hacking services
2. Manage Vulnerability Scanning/Management Environment and Services
• Manage and operate Vulnerability Management services for Local Markets and Group entities on behalf of Group Technology Security
• Liaise with device and system owners, test requestors, project team, Group and Global Security Operation Centre (GSOC)
• Keep up to date with system developments and assess usefulness to Vodafone deployment
• Extend and develop the vulnerability management environment to support increased demand for services
• Define and drive the implementation of the Group level vulnerability management strategy
• Develop and present business cases for resources, tools and technologies required to deliver Vulnerability Management services
3. Technical Support
• Oversee the Technical Support provided by the Team
• Act as escalation point for internal customers of the ethical hacking and vulnerability scanning infrastructure, applications and services
4. Reporting and Documentation
• Review and approve reports prepared for test requestors after penetration tests, ethical hacking and CPE security testing engagements
• Consolidate reports for Technology Security Management
SLAs and KPI Management
• Service, process and procedures documents used to manage systems and services
• Develop and maintain security assessment and testing Group level policies and standards
• Regular global vulnerability management status presentations on Chief Technology Security Officer (CTSO) board meetings
• Ensure that all design, operation and support documentation is kept up to date
5. Design and Architecture
• Develop, review and approve design material for security appliances and the Ethical Hacking and Vulnerability Management environments and VSSB lab
• Define, review and develop approach and milestones for implementation of Global Cyber Threat Intelligence and Management capability
6. Project Management
• Manage all Ethical Hacking and Vulnerability Management Projects and Programmes
7. Continuos Process Improvement (CPI)
• Develop Ethical Hacking and Vulnerability Management services, processes, toolset and environments
• Identify and propose new technical development possibilities beyond the current capabilities
• Develop and support best practice solutions and methodology
Support improvement initiatives
8. Compliance
• Ensure compliance with ISO27001 and PCI DSS requirements applicable to managed teams’ processes and activities
• Ensure ITIL compliance for the managed lab and testing environments
• Support internal control functions to meet the SOX requirements
9. Communicating with Impact
• Excellent articulation of security concepts and risks to senior management, business partners is essential
• Customer-focused “can-do” positive attitude to deliver excellent security service to business partners
10. Vendor Management
• Continuosly review, benchmark and select the best vendors, technologies and services helping to implement Vodafone Group security strategy
• Participate in quarterly vendor business review meetings (QBR) representing Vodafone interests and requirements in relation to vendors used to provide EH and VM services
• Review vendor product and service roadmap and its feasibility and value potential for Vodafone
• Drive vendor related problems and issues towards resolution for the benefit of Vodafone
• Articulate Vodafone’s feature requirements and priorities to vendor key account managers and support teams
• Participate in and drive proper global licensing agreements with vendors related to services and technologies required for TSB control delivery
11. Customer Excellence Management
• Customer/Local Market engagement is key to the role. Successful communication to customer technical level contacts and CTSOs is essential
• The ability to handle and provide support to other Group Technology Security functions and Local Markets in handling top priority issues, security incidents and threats with keeping customer focused attitude is vital
12. Security Awareness Training
• Holding hacking demos, overseeing the execution and reporting of phishing campaigns to raise and promote security awareness among Vodafone employees
• Particiate in and contribute to Group Security Awareness programs and local security initiatives is a key responsibility

What we offer:

• Private medical and dental care insurance;
• Life insurance;
• Dedicated employee phone subscription;
• Special discounts for gyms and retailers;
• Project specific training;
• A youthful and multicultural working environment with dedicated professionals and great development opportunities.


Don’t miss this unique opportunity to enjoy a high challenging profile role, to progress in your career and to develop experience within a world leading and multinational organization.

Vodafone Shared Services Center is part of a Global Services Center and will cater for Vodafone operations in different countries, as well as for the Vodafone Group. Our success comes from the outstanding people that make it happen for our customers every day!

We’re at our best when you’re at yours!

Vodafone
Power to you

Due to current immigration restrictions, we are welcoming applications from the persons who have the legal right to work in Romania (these means the citizens of EU countries).