Security Certification & Assurance Lead

Wellington, Wellington
  1. Full Time
  2. IT/Technology
Posting date: 11 Sep, 2019

Empowering our customers is at the heart of what we do along with investing in our people. We provide a range of benefits like health insurance for you and your family, the chance to work flexibly, a day off to celebrate "you", a world of opportunities to progress your career, supporting you to volunteer your time in the community, and supporting your life at home through our award-winning parental leave policy.

The role of the Risk, Threat and Compliance team is to ensure Vodafone establishes and maintains security to satisfy Vodafone Group security policy and protect the security of Vodafone’s customers, brand and internal information and technology systems.
As part of the VF Security Team you will be providing security specialist advice to a number of projects across the Vodafone NZ estate. You will work with projects both internal and client facing, providing risk assessments and risk management plans, assuring technical designs against Vodafone, industry and government standards, and preparing projects for NZISM certification, specifically DIA Telecommunications-as-a-service (TaaS) Security Certification, where required.
Vodafone has a number of Enterprise products already certified and used by Government Agencies under the DIA TaaS Security Certification process. Part of this role is to help maintain Certification of these services, by providing a risk assessment when changes or uplifts are required.
What will I be doing?
  • Managing the Security Certification process for new Ready Government (RG) TaaS products
  • Providing technical security reviews of solutions architecture
  • Preparing and maintaining technical risk assessments, systems security plans and security Risk Management Plans for RG TaaS services
  • Managing the Certification process for changes to existing RG TaaS services
  • Leading the coordination of the security assurance activities required to maintain current RG TaaS Security Certifications. This includes quarterly compliance activities across the RG TaaS services and sampling audit of controls.
  • Managing our external Auditor requirements for Security Certification
  • Facilitating penetration testing required for Security Certification & ongoing assurance
  • Facilitating the annual external audit of controls for each RG TaaS Certification with key stakeholders.
  • Supporting the Risk, Compliance & Threat Manager in providing reporting for the monthly Security Governance meetings with DIA.
  • Manage key stakeholder relationships, with the ability to communicate at all levels from technical engineers to Execs.
  • Drive to continuously improve our customer experience.
What Will I Bring?
  • Extensive industry experience in information security.
  • Experience managing security controls testing and remediation plans
  • Thorough knowledge of security policy frameworks such as NZ ISM
  • Good foundation in knowledge of information systems, operating systems, databases and networking.
  • Ability to manage compliance activities to an industry recognised security framework such as ISO 27001, PCI DSS, NZ ISM.
  • ISO 27001 Lead Auditor or similar auditor qualifications
  • Professional qualifications such as CISM, CISSP, CISA desired.
With Vodafone, your unique talents and experience will help us deliver an unmatched experience to our customers. In return you’ll enjoy an inclusive and flexible working environment in a diverse team of exceptional people while you’re growing your career here in Aotearoa, or globally.
The future is exciting. Ready?
