18 December 2020
Define and implement GS1 Information and Cyber Security strategy and action plans in collaboration with all stakeholders. The scope of responsibility includes GS1 Global Office and what is necessary for the GS1 federation. Role purpose can be broken down into five core responsibilities/key functional competencies:
- Information security management
- Support all functions in Global Office and in the federation to identify security needs/risks, develop, implement, and monitor security solutions
- Definition and implementation of Security services
- Governance of information and cyber security
- Trends monitoring
Information security management
- Develop and maintain an information security strategy and a yearly action plan for GS1 (not limited to the Global Office but also addressing an end-to-end community view)
- Develop information security standards/procedures and guidelines
- Define a maturity model that provides a consistent language to recognize and describe the stages of progress of information security activities
- Coordinate information security across GS1
- Monitor the effectiveness of information security arrangements, including conducting audits
- Report on the progress and results of the strategy, establish a cybersecurity dashboard.
Support all functions in Global Office and in the federation to identify security needs/risks, develop, implement, and monitor security solutions
- Provide proactive support, expertise and tools/techniques to industry communities, programs, standards management, product management, IT and shared services for the development, implementation, and review of:
- Information classification and organization,
- Information risk assessments / compliance assessment (together with legal),
- Major business or IT projects with security requirements,
- Identity and access management,
- Protection of the information, threat assessment, use of cryptography,
- Software security and cloud security,
- Security aspects of external supplier management (together with legal, procurement and finance),
- Business continuity programmes,
- Awareness programme on information security, embedding expected security behavior.
Definition and implementation of Security services
- Define with Product and IT a set of security services and ensure they are implemented (e.g. identity services, authentication services, cryptographic services, network protection, a Security Operations Center (SOC), …), which together provide a coherent range of security capabilities (e.g. as part of a security architecture).
- These services will be focused at the beginning on Global Office but may later be extended to the GS1 federation.
- Oversee the detection, investigation, and resolution of information security incidents, and manage crises.
Governance of information and cyber security
- Prepare security-related topics for the Board Committee for Services & Technology (BCST), including validation of the security policy and reporting on security plans and results.
- Advise GS1 CEO, GS1 Chair and more generally key GS1 stakeholders on information and cybersecurity and get strong support from them.
- Communicate regularly with GS1 governance bodies about the strategy, action plans and progress (Management Board, Global Forum, Regional Forum, Advisory Council, …).
- Maintain contact with counterparts in the commercial world, government, and law enforcement agencies, and with security experts in computer/software companies and service providers.
Trends monitoring
- General business trends relevant for GS1 (business, data, …) and legislation or regulation related to information security (e.g. data breach notification, data privacy, digital signatures, and industry-specific standards).
- Technology developments (e.g. mobile application development, machine learning, virtualization, encryption standards).
- Information security solutions (e.g. Federated Identity and Access Management (FIAM), Enterprise Mobility Management (EMM), Data Leakage Prevention (DLP), Endpoint Detection & Response (EDR) tools, …).
- Industry/international information security-related standards (e.g. ISO/IEC 27001 and 27002, COBIT 5 and NIST Cybersecurity Framework).
- Legislation or information risk management frameworks, methodologies or equivalent (e.g. FAIR, ISO/IEC 27005 and the COSO ERM Framework).
- Engineer or equivalent, with 5 years' higher education in information technology
- 10 years' IT experience in the field of security and cybersecurity
- Expertise in all areas of the Information System is essential
- Fluent in English, oral and written is mandatory
- Generates innovative solutions in work situations
- Demonstrates passion, energy, and drive in his/her work
- Ability to work with a globally distributed team
- Organizational, analytical, verbal and written communication skills
- Hands-on experience with Microsoft PowerPoint, Teams, Excel, Outlook, Word, Zoom.
- Ability to effectively communicate with both highly technical and non-technical persons seamlessly
- Ability to manage multiple projects simultaneously
- Excellent time management skills
- Client-focused and results-oriented
- Ability to effectively cope with change and comfortably handle risk and uncertainty
- Mature political sensitivity to work across a diverse community of interests and cultures
- Effective relationship builder – one on one, one to many, internally and externally, small and large organisations
- Aligns team performance for success
- Coaching and Developing People
- Boundary Spanning Effectiveness - can get things done across multi-functional areas; works well within a matrix organization
- Operates in a manner that demonstrates honesty; keeps promises and honours commitments (“walks the talk”); behaves in a consistent manner
This job may require up to 20% global travel.
How to apply:
Send your application with CV to:
- Blue Tower, Avenue Louise 326, bte 10
- B-1050 Brussels, Belgium
- Tel: +32 2 788 78 00
- E-mail: email@example.com
Responses will be treated quickly and with strict confidentiality.