Reporting to the GCISO, the Region / Value Chain (VC) Security Leader serves as the process owner for all ongoing activities that serve to provide appropriate access to and protect the confidentiality and integrity of employee and business information in compliance with organization policies and standards for Bunge and the assigned Region (VC).
He / She will serve as IT Risk and Security advisor to the Region (VC) CIO and business and have a dotted line relationship with the Region (VC) CIO.
Core Functions :
Assist GCISO in the implementation of the IT Risk and Security program within the Region (VC).
Act as an advocate for Global ITRS and Region (VC) as it applies to IT Risk and Security.
Work with network of security technicians, administrators, and vendors who safeguard the company’s assets, intellectual property and computer systems for the given Region (VC) aligned with Global.
Identify protection goals, objectives and metrics consistent with corporate strategic plan for the Region (VC).
Manage the development and implementation of Key Risk Indicators, global security policy, standards, guidelines and procedures to ensure ongoing maintenance of security.
Physical protection responsibilities will include asset protection, access control systems, and more. Information protection responsibilities will include network security architecture, network access and monitoring policies, employee education and awareness, and more.
Oversee incident response planning as well as the investigation of security breaches, and assist with disciplinary and legal matters associated with such breaches as necessary for the Region (VC).
Serves as an internal information security consultant to the CIO and Region (VC).
Ensures appropriate level of documentation for security policies and procedures.
Initiates, facilitates, and promotes activities to create information security awareness within the organization.
Facilitates Risk Control Self Assessments. Advises on mitigation strategies and tracking.
Implements information security policies and procedures for the organization.
Reviews all system-related security plans throughout the organization’s network, acting as a liaison to Information Systems.
Monitors compliance with information security policies and procedures, referring problems to the appropriate department manager.
Advises the Region (VC) with current information about information security technologies and related regulatory issues.
Assist in the selection and implementation of technical controls.
Monitors the internal control systems to ensure that appropriate access levels are maintained.
Qualifications / Requirements :
Bachelor’s degree in Computer Science or a related field
Experience in project management and change management
Knowledge of information security and access technologies
Demonstrated experience with assessing risks and develop ping risk mitigation security measures to ensure the confidentiality, integrity and availability of all company IT assets
Knowledge of IT control frameworks such as COBIT, ITIL and ISO 27001
5 years of experience in IT Risk and Security or 10 years of experience in IT
Minimum of one certification in CISSP, CISA, CRISC and / or CISM
Must be an articulate and persuasive leader who is able to communicate security-related concepts to a broad range of technical and non-technical staff
Prior experience in auditing, and risk management, as well as contract and vendor negotiation
Must have solid understanding of information technology and information security
Excellent communication skills required
Experience with security awareness programs
Proficiency in English required