Job Description:
About DXC Bulgaria
We are DXC - a Fortune 500 global IT services leader. In Bulgaria, we are among the largest employers with over 4,000 employees working on the company's entire IT portfolio. We are flexible - we provide everything you need to comfortably work from home, but we also keep our offices open for collaboration, meetings, and building a strong team spirit. We tailor everyone’s development path to their individual interests through training and additional certifications.
Our experience and desire to grow, our mission, and our values create an environment where ambitious people become successful at home. At home - in Bulgaria.
The Security Run Lead is responsible for the information security governance and information security risk management for the assigned accounts. He/she also provides leadership for security escalations, compliance and audit activities.
Daily challenges
- Client Relationship Management
  - Security / Compliance focal point for the customer: Build and maintain the relationship with the customer.
  - Ensure DXC compliance with contract: Own security compliance of DXC services to contractual obligations.
  - Understand customer security needs: Understand security requirements. Translate customer security needs to DXC services and technical requirements.
  - Identify future security requirements: Analyze current security requirements and security needs to identify future customer requirements for security.
- Account Management
  - Focal point to account: Act as the main point of contact / single point of contact (SPOC) for all security-related issues for the account.
  - Security / Compliance Subject Matter Expert (SME) in the account: Act as security and security compliance SME in the account. Consult delivery teams on security policies, security standards and security best practices.
  - Account Security Planning: Govern maintenance of the ASP document.
  - Security Awareness Training.
- Security Management
  - Ensure account / Enterprise Services is secure: Govern the overall security level within the account operations and the security aspect of services provided by DXC for the account.
  - Monitoring / Security Reporting: Prepare and / or analyze security reports, consolidate security reporting data coming from various sources.
  - New project review: Review security requirements prepared for new project implementation, provide consultation / advice for security requirements specific to the account environment.
  - Coordinate agreed security programs: Coordinate security areas / tasks. Coordinate security programs and initiatives.
  - Complete self-assessments: Govern the gap analysis process, coordinate self-assessment documentation and checklists, coordinate and facilitate the assessment process, as described in customer / DXC policies.
- Risk Management
  - Understand Risk Profile. Maintain Risk Register. Manage the entire process. Identify and lead opportunities for process enhancements.
  - Risk agreement & monitoring: Supervise security risk monitoring and review.
  - Identify, rate and escalate risks: Supervise risk identification and guide all DXC teams to properly identify risks. Provide lead expertise in risk assessment.
  - Manage incidents: Ensure a security incident management process is established and documented within the account.
- Audit Management
  - Audit Single Point of Contact: Act as liaison between external (customer) auditors and DXC teams.
  - Audit Coordination: Coordinate collection of audit evidence and collaboration between teams and external auditors, requested in DXC internal or external audits.
  - Account/Delivery controls: Define and agree on custom controls with customer. Ensure delivery controls are implemented.
  - Audit registration: Audit management back office activities: creation and maintenance of audit items, action items and follow-up on auditees' timely responses.
  - Check contractual boundaries: Ensure audit activities are performed according to contractual obligations.
  - Account/Delivery based remediation: Coordinate remediation activities for both dedicated and shared delivery teams.
- Transition
  - Policy Analysis and Risk Assessment: Lead policy analysis: analyze statements in DXC and customer policies and identify deviations.
  - Initial training: Conduct security training for DXC teams, as specified in customer / contractual requirements.
  - Setup Security Governance: Define and agree with customer on security governance metrics and security governance framework.
  - Basic Security Incident Management: Ensure a basic security incident management process exists to the extent possible in the transition environment.
- Transformation
  - Policy alignment: Ensure gaps between customer and DXC security policies are identified.
  - Maintain security risk register and ensure security risk management implementation within the account.
  - Prepare and support planning of Transformation activities.
  - Coordinate security transformation projects: Act as security lead in transformation projects, with regard to security policies, standards and best practices.