1. Home
  2. IT development
  3. Site Information Security Officer (SISO) M/F

Offers “STMicroelectronics”

Expires soon
STMicroelectronics

Site Information Security Officer (SISO) M/F

  • Pacific (Franklin)
  • IT development
Apply Now

Job description



General information

Reference

2020-5886  

Job level

40 - Experienced

Position description

Posting title

Site Information Security Officer (SISO) M/F

Regular/Temporary

Regular

Job description

The purpose of the job is to ensure that the ST information security framework is deployed at the [site]  site, with the objectives that information security risks are known and managed appropriately.

The risks considered are those affecting the Confidentiality, Integrity and Availability of Company data hosted on computer systems (servers, PCs, mobiles, IT applications, SaaS…) and the cyber-attacks against industrial devices used for Company business.

Main activities

1. Infosec assurance at the site

·  Perform regular reviews to detect gaps at the site vs. InfoSec framework
·  Build and maintain the site InfoSec risks log, taking inputs from audits, site InfoSec reviews, requests from departments at the site, requests from Central InfoSec, site InfoSec survey, incident or anomalies
·  Run the site InfoSec survey organized by Central InfoSec, ensuring complete, accurate and timely response

2. InfoSec governance and support at the site

·  Regularly report the InfoSec posture of the site to site management
·  Support all functions at the site in implementing the InfoSec framework
·  Be the primary interface for the site with Central InfoSec, including for site-based InfoSec audits (certification, customer, internal) and actions triggered by Central InfoSec

3. InfoSec technical reference at the site

·  Ensure that the technical architecture at the site is maintained, especially for the cyber security zones
·  Participate to relevant IT CAB(s) at the site and help building work orders for the SOC

4. Site services and local solutions

·  Ensure security in local IT solutions / industrial solutions, site services (such as physical security, facilities and canteen systems), labs and warehouses
·  Ensure that site services follow the security procedures (security in contracts, connection to ST network, security for cloud services…)
·  Provide the required infosec support to achieve the above objectives

5. Security awareness

·  Promote InfoSec awareness campaigns and materials within the site, leveraging upon the initiatives at company level from Central InfoSec
·  Pro-actively propose initiatives to raise InfoSec awareness and, after agreement with Central InfoSec, deploy them within the site
·  Promote within the site the need to report InfoSec incident or anomaly using the right reporting channel
·  Use all opportunities to raise InfoSec awareness through the communication channels available at the site

6. Security incident management

·  Report InfoSec incidents and anomalies to Central InfoSec
·  Provide timely answers to CSIRT queries and help resolving cases

7. Infosec day to day operations

·  Support the preparation of security exception requests
·  Review requests at the site that require site InfoSec officer approval

Profile

This position is for a cyber-security professional with 5-10 years of experience covering several domains of information security.

·  Ability to cover the entire scope of information security
·  Expertise in several domains of cyber security (such as network, system, application, incident management, awareness, vulnerability management, audit and risk assessment…)
·  Experience in delivering security training and briefing sessions with management
·  Ability to interact with people at all levels of the organization
·  Excellent facilitation, communication and influence skills
·  Ability to treat several topics in parallel, to "clarify the unknown", to translate technical aspects into risks and to communicate on those risks
·  Ability to consider short-term as well as longer term actions and to anticipate.
·  Trustworthy and Rigorous.
·  High level of autonomy and pro-activity
·  Bachelor in information security or equivalent
·  Security certification is a plus (CISSP)
·  Language spoken at the site is a must, English at minimum B2 (CEFR scale)
·  Experience working in an international environment is a plus
·  This position may require occasional travels in ST worldwide

Position localisation

Job location

Asia-Pacific, Singapore, Ang Mo Kio

Candidate criteria

Education level required

4 - Bachelor degree

Experience level required

6-10 years

Requester

Desired start date

02/06/2020

Make every future a success.
  • Job directory
  • Business directory
    •