Senior IT Security Specialist

Senior IT Security Specialist

**Req Id**:17970

**Job Family**:Cybersecurity, Risk, Process and Control

**Location**:Rio de Janeiro, BR, 20021-290

**Description**:
**JOB ROLE**
- The IT Security Specialist is responsible for ensuring the effectiveness and security of SBM’s IT Security solutions in protecting SBM Offshore’s IT data and services.
- You advise within your area of expertise to ensure that SBM remains at the forefront of technological developments to identify innovative methods to reduce the risk profile of SBM Offshore.
- In the case of a Cybersecurity Incident, work with the security team to mitigate the risk introduced, recover, and investigate the Incident.

**RESPONSIBILITIES**
- To support, govern and contribute to a fully integrated and aligned IT Strategy across the SBM organization, you are to:_
- Always explore for areas of improvements within SBM Offshore’s IT Security landscape and propose solutions together with IT Enterprise Architect team
- Liaise, work together with
- and advise your colleagues within different locations and disciplines;
- Execute the processes and best practices necessary to work according to the direction and Strategy of Group IT (and make suggestions for improvement if required);
- Maintain all security related documentation and working instruction in the central repository;
- Ensure quality and accurate information of security assets in the CMDB
- Participate and support the Network, Software and System team in solving cross-discipline complex problems that involves security;
- Participate in Cyber Security activities and ICOSIT audits.
- Work on four main areas (Implementation, Support, Monitor, Report)
- Manage security incidents according to Incident Management Process
- In the case of a security incident be able to begin a forensic investigation.
- To ensure knowledge sharing and creating awareness amongst the IT community on your respective specialism, you are to:_
- Keep the IT community informed on any new initiatives and decisions taken that might have an impact on day-to-day business;
- Participate in cybersecurity project implementation when required;
- Ensure a cross functional alignment to minimize down-time within the overall IT landscape
- To ensure that you understand and manage your stakeholders and their requirements as well as having assigned activities completed successfully, you are to:_
- Understand, plan and deliver assigned tasks with accuracy to meet stakeholders’ needs in a timely manner;
- Identify areas requiring more detailed instructions and clarify as necessary with stakeholders to ensure no surprises;
- Complete tasks in compliance with applicable policies, standards and work procedures;
- Identify areas for potential cybersecurity risk issues and proactively communicate with stakeholders to resolve issues, share information and provide guidance as required;
- Seek clarification or guidance as soon as difficulties arise and recommend alternative solutions;
- Perform thorough self-check of all solutions prior to release for use by stakeholders;
- Properly plan work to allow adequate time for stakeholder feedback and adjustments to ensure intended functionality;
- Network with stakeholders to serve as a source of support in executing project
- Produce consistent/organized instructions in a well-structured format to convey required information to stakeholders

**JOB REQUIREMENTS**
- Solid experience in Cyber Security and Data Protection roles
- Familiar with hybrid security solutions, on-premise and cloud environment
- Must possess some relevant security related certifications - Cloud Security, Pentest, Vulnerability assessor, CompTIA Security +
- Must possess hands-on technical experience in minimum of 3 areas - AZURE Security, Pentest, Ethical Hacking, forensics, CIS Hardening,
- Possess the following technical hands-on experience will be added advantage - CES, Carbon Black, Bitdefender
- Able to travel overseas when required
- Deep understanding of ISA/IEC 62443 and NIST SP 800-82
- Knowledge of NIS2 directive
- Experience in design and management of Information Security solutions
- Advanced English level
- Willing to work in a hybrid setting (remote and on-site)