Job Description:
About DXC Bulgaria
We are DXC - a Fortune 500 global IT services leader. In Bulgaria, we are among the largest employers with over 4,000 employees working on the company's entire IT portfolio. We are flexible - we provide everything you need to comfortably work from home, but we also keep our offices open for collaboration, meetings, and building a strong team spirit. We tailor everyone’s development path to their individual interests through training and additional certifications.
Our experience and desire to grow, our mission, and our values create an environment where ambitious people become successful at home. At home - in Bulgaria.
The Security Run Lead is responsible for the information security governance and information security risk management for the assigned accounts. He/she also provides leadership for security escalations, compliance, and audit activities.
Daily challenges
- Client Relationship Management
- Security / Compliance Focal point for customer: Building and maintaining the relationship with customer.
- Ensure DXC compliance with contract: Own security compliance of DXC services to contractual obligations.
- Understand customer security needs: Understand security requirements. Translate customer security needs to DXC services and technical requirements.
- Identify future security requirements: Analyze current security requirements and security needs to identify future customer requirements for security.
- Account Management
- Focal point to account: Act as the main point of contact / single point of contact (SPOC) for all Security related issues for the account.
- Security / Compliance Subject Matter Expert (SME) in the account: Act as security and security compliance SME in the account. Consult delivery teams on security policies, security standards and security best practices.
- Account Security Planning: Govern maintenance of the ASP document.
- Security Awareness Training.
- Security Management
- Ensure account / Enterprise Services is secure: Govern the overall security level within the account operations and the security aspect of services provided by DXC for the account.
- Monitoring / Security Reporting: Prepare and / or analyze security reports, consolidate security reporting data coming from various sources.
- New project review: Review security requirements prepared for new project implementation, provide consultation / advice for security requirements specific to the account environment.
- Coordinate agreed security programs: Coordinate security areas / tasks. Coordinate security programs and initiatives.
- Complete self-assessments: Govern the gap analysis process, coordinate self-assessment documentation and checklists, coordinate and facilitate assessments process, as described in customer / DXC policies.
- Risk Management
- Understand Risk Profile. Maintain Risk Register. Manage entire process. Identify and lead opportunities for process enhancements.
- Risk agreement & monitoring: Supervise security risk monitoring and review.
- Identify, rate and escalate risks: Supervise risk identification and guide all DXC teams to properly identify risks. Provide lead expertise in risk assessment.
- Manage incidents: Ensure security incident management process is established and documented within the account.
- Audit Management
- Audit Single Point of Contact: Act as liaison between external (customer) auditors and DXC teams.
- Audit Coordination: Coordinate collection of audit evidence and collaboration between teams and external auditors, requested in DXC internal or external audits.
- Account/Delivery controls: Define and agree on custom controls with customer. Ensure delivery controls are implemented.
- Audit registration: Audit management back office activities: creation and maintenance of audit items, action items and follow up on auditees' timely responses.
- Check contractual boundaries: Ensure audit activities are performed according to contractual obligations.
- Account/Delivery based remediation: Coordinate remediation activities for both dedicated and shared delivery teams.
- Transition
- Policy Analysis and Risk Assessment: Lead policy analysis: analyze statements in DXC and customer policies and identify deviations.
- Initial training: Conduct security training to DXC teams, as specified in customer / contractual requirements.
- Setup Security Governance: Define and agree with customer on security governance metrics and security governance framework.
- Basic Security Incident Management: Ensure basic security incident management process exists to the extent possible in the transition environment.
- Transformation
- Policy alignment: Ensure gaps between customer and DXC security policies are identified.
- Maintain security risk register and ensure security risk management implementation within the account.
- Prepare and support planning of Transformation activities.
- Coordinate security transformation projects: Act as security lead in transformation projects, with regard to security policies, standards and best practices.
eXperience and skills required
- A minimum of 3 years professional experience in Information Security or IT Audit
- Experience in at least one of the industry standards
- Practical experience in Project Management
- Excellent knowledge of Information Security and technology
- Good knowledge of the latest IT technologies
- Understanding of ITIL Service Delivery Framework
- Fluent in English
- Ability to collaborate and negotiate with members of the team and members of other teams
- Understanding of 24x7 mission critical enterprise computing environments and the impact of service disruption on a company’s bottom line
- High ethical standards
- Strategic thinking
- Leadership skills
- Certificates considered an advantage: CISSP, CISM, CompTIA Security+
Company benefits
- Competitive remuneration package
- Additional Medical & Life insurance
- 4 days additional paid leave (total: 24 days)
- The possibility to work entirely remotely
- Food vouchers
- Training, continuous learning and career development in the largest IT company on the market
- Unlimited access to courses from a bunch of external partners for the best learner's experience (e.g., LinkedIn Learning, Udemy)
- Access to a foreign language learning platform
- Stable employment in an international company
- Advancement opportunities within the organization (a variety of interesting projects with an array of technologies and tools)
- Flexibility in work arrangement (hybrid or fully remote work, the home office culture is in our DNA)
- Workplace equipment to organize your home office (e.g., chair, desk, additional monitor, headset etc.)
- DXC Partner courses and certifications (Microsoft, SAP, ServiceNow, AWS, Google, Dell Technologies, IBM, Micro Focus, Salesforce, Red Hat, VMware, Workday)
- Employee Referral Program - a financial bonus for the referrer for successful candidate recommendation
- Employee Recognition Program with points assigned by colleagues for the recognized employees (exchangeable for prizes)
- Employee Assistance Program (providing 24/7 support for employees and their families in difficult life situations)
- Opportunity to join our numerous charity and ecology-related events organized by our Employee Ambassadors team
We Deliver eXcellence for our Customers and colleagues every day. Our values form the foundation of everything we do and every decision we make.
If you feel comfortable with the above-mentioned requirements, please send us your CV in English. At DXC our employees’ safety and well-being remain a key priority for us. Therefore, we continue with stay-at-home recruiting and video interviewing for the foreseeable future.
Please note only shortlisted candidates will be contacted.
Recruitment fraud is a scheme in which fictitious job opportunities are offered to job seekers, typically through online services, such as false websites, or through unsolicited emails claiming to be from the company. These emails may request recipients to provide personal information or to make payments as part of their illegitimate recruiting process. DXC does not make offers of employment via social media networks, and DXC never asks for any money or payments from applicants at any point in the recruitment process, nor does it ask a job seeker to purchase IT or other equipment on our behalf. More information on employment scams is available here.