Platform Security Lead

Job Title: Platform Security Lead

Job Location: Bangalore

ABOUT UNILEVER:

Be part of the world’s most successful, purpose-led business. Work with brands that are well-loved around the world, that improve the lives of our consumers and the communities around us. We promote innovation, big and small, to make our business win and grow; and we believe in business as a force for good. Unleash your curiosity, challenge ideas and disrupt processes; use your energy to make this happen. Our brilliant business leaders and colleagues provide mentorship and inspiration, so you can be at your best. Every day, nine out of ten Indian households use our products to feel good, look good and get more out of life – giving us a unique opportunity to build a brighter future.

Every individual here can bring their purpose to life through their work. Join us and you’ll be surrounded by inspiring leaders and supportive peers. Among them, you’ll channel your purpose, bring fresh ideas to the table, and simply be you. As you work to make a real impact on the business and the world, we’ll work to help you become a better you.

ABOUT UNIOPS:

Unilever Operations (UniOps) is the global technology and operations engine of Unilever offering business services, technology, and enterprise solutions. UniOps serves over 190 locations and through a network of specialized service lines and partners delivers insights and innovations, user experiences and end-to-end seamless delivery making Unilever Purpose Led and Future Fit.

Business Context and Main Purpose of the Role

Unilever is one of the world’s leading suppliers of Food, Home, and Personal Care products with sales in over 190 countries and reaching 3.4 billion consumers a day. Unilever has more than 400 brands found in homes around the world, including Persil, Dove, Knorr, Domestos, Hellmann’s, Wall’s, Ben & Jerry’s, Marmite, Magnum, and Lynx. Faced with the challenge of climate change and the need for human development, we want to move towards a world where everyone can live well and within the natural limits of the planet. That’s why our purpose as Unilever is ‘to make sustainable living commonplace’.

At Unilever, we’re determined to achieve a culture where everyone can thrive, a culture where all individuals are treated fairly and respectfully, and where their uniqueness is celebrated. We’re taking a holistic approach that focuses on how we can use the scale and reach of our business to have the greatest impact in our own workplace and beyond. We’ve set clear goals to eliminate any bias and discrimination in our policies and practices, accelerate diverse representation in our leadership, and remove barriers for people with disabilities. At the same time, we’re setting out to spend more with diverse businesses and increasing representation of diverse groups in our advertising. Find out more about our commitment to equity, diversity, and inclusion on our website.

Unilever’s Cyber Security organization is a multi-disciplinary team responsible for protecting the Confidentiality, Integrity and Availability of our Information and Operations. Our Cyber Security organization runs a 24x7 Security Operations Centre, oversees a robust Security Architecture and  associated technology landscape, provides Cyber Security Solution Engineering and Risk Advisory to our business, and assesses the security of our vast technology estate, including factories, to name but a few areas. Cyber Security sits as part of the Business Operations organizations, as a peer to Unilever’s Technology and Data functions and the broad Supply Chain agenda. Cyber Security is tasked with elevating, reporting on and influencing enterprise cyber security risk mitigation across Unilever. The Cyber Security function is made up of the Governance, Risk, Assurance, and Compliance (GRAC) team, the Tech & Ops team, the BISO teams, and the Office of the CISO.

Role Purpose:

This Platform Security Lead role is responsible for identifying and assessing the cyber risk related to the Core Managed Technology estate.  This role will partner closely with the business to advise and support the Foundational Technology Products owners to define and implement risk mitigation strategies in line with the business risk appetite. This includes cyber risk assessment for the Technology foundations including infrastructure, technology operations/services, cloud, and enterprise-wide applications (e.g. SAP, Workday). The Platform Security Lead oversees a team of security solution engineers and security risk consultants who continuously risk assess Unilever’s managed technology estate. The Platform Security Lead area of the CISO Programme is responsible for representing our central security services to the managed estate, applying those services to determine gaps and vulnerabilities in the managed estate posture, consulting on appropriate risk mitigation approaches, managing the security exceptions for the managed estate, and reporting the same into the GRAC team.  The Platform Security Lead team will be responsible for participating in cyber incident response across their area of influence, as led by the Head of Incident Response, and for elevating and reporting cyber security risks into the central Cyber Security function. These activities will be conducted with a ‘Risk Based’ approach to assist the managed technology estate to address cyber risk in their area.

Role Summary:

A vacancy exists for Platform Security Lead within Unilever’s cyber function. The successful candidate will be responsible for the centrally managed global IT services (infrastructure and applications) achieving and maintaining Cyber Security objectives, standards, awareness, and compliance, defined using a ‘Risk Based’ approach. This senior leadership position will report to the BISO for Tech Foundations. 

Key areas under the role delivered by the Platform Security Lead team include:

• Cyber security solution engineering and risk advisory across Unilever’s managed technology estate, including network, infrastructure, cloud, endpoints, technology services (e.g. email) and enterprise wide applications (e.g. SAP, Workday), assuring appropriate risk identification, assessment, mitigation, and reporting.

• Ensuring the deployment of security tooling across the managed estate, in conjunction with the Security Engineering team.

• Ensuring the Security Operations Centers (SOC) have full visibility across the ecosystem and actively participate in incident response at the direction of the Head of Incident Response.

• Articulation, prioritization, elevation and monitoring of risk posture and narrative to influence leaders of the managed technology estate to take mitigation actions.  (e.g. CIO, CTO, Head of SAP and their leadership teams).

• Tailoring cyber training and awareness for the managed technology estate colleagues in alignment and partnership with the Cyber Training and Awareness Lead.

• Leading cyber cultural transformation across the managed technology estate teams in line with our Security Strategy and Transformation program.

• Maintaining and effectively directing the timely closure of security exceptions while reporting status to the Governance, Risk, Assurance and Compliance (GRAC) team.

• Providing standards and controls feedback, based on implementation requirements of the managed estate, to the GRAC team to help shape global policies and standards.

• Assessing risk across third party suppliers, vendors, and contractors for their area of responsibility, elevating and reporting on the same.

• Managing and influencing the closing of vulnerabilities across their area of responsibility, in conjunction with the Head of Vulnerability Management.

• Managing and tracking exceptions to security standards and controls across their area of responsibility, influencing to closure, and elevating/escalating to the GRAC function the same.

The position calls for a strategic individual with strong communication and influencing skills, who is able to roll their sleeves up tactically to understand IT/technology services, enterprise applications, network, infrastructure, cloud, digital transformation, operational technology (OT), internet of things (IoT) and Cybersecurity. This leader will utilize her/his knowledge and experience to assist with the implementation of an effective global security program that ensures the overall security posture of the company is aligned with business needs and balanced to protect in the evolving threat landscape. This role supports the VP of Security Technology & Operations in building strong relationships with internal leaders and operations staff, along with the other senior Cyber Security extended leadership team, on matters of cyber security and cyber risk, to foster the execution of cyber security as a business enabler.

Main Accountabilities

• Responsible for cyber security solution engineering and advisory across the core managed technology estate, including enterprise-wide applications.

• Accountable for ensuring SOC visibility across area of responsibility.

• Accountable for cyber risk reporting across area of responsibility to the CISO and to the business leaders.

• Responsible for tailoring and delivering cyber training and awareness across area of responsibility.

• Responsible for building, leading, and encouraging a cyber champions network across area of responsibility.

• Accountable for leading cyber cultural transformation efforts across area of responsibility.

• Accountable for maintaining and effectively directing timely closure of security exceptions across area of responsibility, and elevating/escalating exceptions to the GRAC team.

• Responsible for providing standards and controls feedback based on local implementation requirements/restrictions in order to refine global policies, standards, and controls requirements.

• Partner with corporate audit for planned cyber security audit review across his/her area of responsibility.

• Identify, categorize and risk assess third parties for cyber security implications across his/her area of responsibility.

• Attract, develop, and lead a team of Technical Information Security Leads and subject matter experts across the area of responsibility, as planned for in the central cyber security budget and headcount plan.

Key Skills and Relevant Experience

Skills:

• Customer Centric

• Process Oriented

• Excellent written and verbal communication skills and able to be understood by both technical and non-technical personnel.

• Proven ability to lead, develop, and motivate a senior team.

• The ability to lead through accountability with delegated responsibilities.

• Ability to manage conflicting priorities and multiple tasks.

• Stakeholder management and interpersonal skills at both a technical and non-technical level.

• Outstanding influencing ability.

• Able to work in a collaborative environment with international team members.

• Outstanding critical reasoning and problem-solving skills – sticking to the problem until it is resolved.

• Customer-orientated, whether responding to queries or delivering new services.

• Skills in Programme and Project Management at a portfolio level.

• Reasonable depth in the technical functionality across his/her area of responsibility, to include, but not limited to enterprise applications, network, infrastructure, cloud, and mobile devices.

Experience:

• The role holder will have previously held a senior leadership role in Cyber Security and/or Information Technology (IT).

• Significant international Cyber Security experience with Global 500 companies or similar is preferred.

• Extensive experience in providing thought leadership, and driving a complex change agenda, and an ability to challenge the “status quo”.

• Excellent strategic and operational business awareness, with a deep understanding of the key drivers, levers, issues and constraints of digital businesses and technology complexity.

• Experience within a customer focused environment.

• Knowledge of the applications or the technical landscape within the domain and experience of delivering Cyber Security projects to its demands.

Behaviours

Candidates would be required to demonstrate the Unilever Standards of Leadership & live the Values through showing the following behaviors:

• Agility – Flexes leadership style and plans to meet changing situations with urgency. Learns from the past, envisions the future, has a healthy dissatisfaction with the status quo.

• Talent Catalyst – Develops and magnifies the power of people. Creates an inclusive climate, empowering everyone to be at their best. Investing in people, coaching individuals, and teams to realise their full potential. Continually inspires powerful collaboration.

• Passion for High Performance – Inspires the energy needed to win, generating intensity and focus to motivate people to deliver results at speed.