Description
Join our Team
About this opportunity: At Ericsson, we are currently seeking a dedicated professional to join our team as a Cybersecurity Compliance Specialist. This role is a key component of our Managed Security Services (MSS) portfolio, designed for leading security practices in network monitoring, detection, incident handling, and threat investigation. As a part of our team, you will ensure the optimization of information assets and contract security, conducting vulnerability scanning and assessments, and securing contract compliance.
What you will do: Lead and perform assessments, gap analyses and audits in accordance with the audit plan developed, by conducting internal security audits and risk assessments. Recommend mitigation controls and advise internal and external partners on mitigation strategies for identified gaps, including risk and exception management.
Owning the client account deliverable for Managed Security Services. Executing and ensuring timely and quality completion of Information System Management System (ISMS) & Minimum Baseline Security Standard (MBSS) - Network Hardening deliverable for client organizations based on CIS Benchmarking Standards, Ericsson Security Manager (ESM) or equivalent.
Manage Governance, Risk and Compliance including supporting customer's wanted position on Security Maturity Model Implementation and Assessments. Lead and carry out Information Security Risk Assessment (ISRA), Business Information Assessment (BIA) and Business Continuity Action Plan (BCAP), Treatment Plan, Privacy Impact Assessment as well as Business Continuity.
Take ownership of and lead the review of Identity Access Management (IAM) and Privileged Access/Identity Management (PAM/PIM) alongside the customer, and continuously improve the security posture. This includes the User Access Matrix (UAM) and User Access Review (UAR) as agreed with the customer based on their policies and standards. Manage data security and privacy requirements from the customer to ensure data protection processes are adhered to.
Drive improvement programs internally and externally. This may also cover any sort of data protection plan (DPP) or consent form which may be required to be reviewed and updated from time to time based on business or customer needs. Conduct internal and external training/session/awareness workshop on cyber security/compliance or equivalent or any additional request.
The skills you bring:
- Certified Lead Implementer in ISO 27001:2013 is a bonus.
- CISSP, CISA, CISM and ITIL certifications will be an advantage
- Exposure to PAM solutions such as BeyondTrust, CyberArk
- Good level of understanding in IPS, IDS, Email Security, Encryption, DLP, End Point Security, End Point Detection and Response (EDR), Sandboxing.
- Understanding of Privacy compliance on GDPR, PDPA. Oversee data protection and privacy initiatives, ensuring that the organization collects, processes, and stores data in accordance with applicable laws.
- Exposure to SOC environment and tools (e.g., Nessus/Tenable, ArcSight, Splunk, Openvault, QRadar, Tripwire, Burp Suite), UEBA, SOAR, Threat Hunting would be an advantage.
- Ability to articulate and work with multiple senior stakeholders to design programs that meet the requirements of the customer and are aligned to business needs.
- Analytical thinking, attention to detail, result-oriented and able to work under pressure and tight deadlines.
- Very good knowledge and understanding of Managed Services delivery model and its processes, with special focus on Managed Security Services would be an advantage.
- Effective communication skills
Why join Ericsson? At Ericsson, you'll have an outstanding opportunity. The chance to use your skills and imagination to push the boundaries of what's possible. To build solutions never seen before to some of the world's toughest problems. You'll be challenged, but you won't be alone. You'll be joining a team of diverse innovators, all driven to go beyond the status quo to craft what comes next.