Job Description:
The Account Security Officer (ASO) is the account's security interface to the client at governance, delivery and specific operational levels.
The ASO is accountable for managing the delivery of security services from MSS and governing security controls delivered by other DXC Capability teams.
You will be working with chief security and compliance officers and senior technology and business management to understand customer business priorities and security needs, and to influence the development / alignment of security strategy.
Assisting in creating strategy roadmap, the ASO is expected to assess, recommend and drive the implementation of security solutions that effectively support client business objectives in infrastructure and information risk management.
This is a senior-level role that requires interacting with and influencing C-level personnel such as CISOs and CIOs within client organizations, as well as supporting account and delivery organizations in attaining organizational security goals and revenue targets.
You must be able to demonstrate industry expertise and how this translates into secure operational services for clients, and develop security solutions that promote growth of the security footprint within the assigned client.
The ASO is to:
Develop a deep relationship with the client based on trust, delivery and execution in order to drive service excellence and ultimately sales.
Develop a thorough understanding of the client's business and IT Risk Management strategies; and deliver GCC services accordingly.
Ensure that DXC capabilities are provided maximum opportunity to support account expansion goals.
Maintain a close relationship with the account team, and support them in their dealings with the client.
Strive to become a 'Trusted Advisor' to the client, either providing expert technical advice themselves, or bringing in subject matter experts where appropriate from both within and outside DXC.
Have a thorough understanding of all the commercial aspects of the Security business within the account.
Provide input to the client's security strategy and technical roadmap.
In the security governance role the Security Officer should be aware of important operational issues including security compliance, and be the escalation point for significant security events, problems and incidents.
Responsible for delivery of account Security Compliance by the DXC Account Team
Organisation, scheduling, attendance tracking of the account Security Governance board.
Ensure delivery of: agenda, minutes, account security risk and compliance register, remediation plans, account risk register
Review of client security policy - gap analysis, contractual deliverables, security awareness
Security Awareness training to DXC Lines of Service
Provide required reporting: Account Scorecard, Security Risk and Compliance register, Security Controls Report (monthly), security services report summary (monthly)
Meet weekly with the Account Executive / Account Manager / Service Executive - formal document discussions and actions
Deliver SLA reporting for Security Services
Work with MSS to ensure DXC security obligations are met
Develop account level security business plan to address overall strategy
Monthly finance reporting for security service line
Maintain an account handbook (and other account-specific base documents) which describe the Security Officer's engagement points with the client and identify security interfaces across DXC's account team.
Contribute to the Security Officer community and attend collaboration meetings.
Meeting with Security leadership team to provide update on Security service within the account
Governance, Risk and Compliance (GRC)
Provide the Client a single point of contact for security matters related to DXC's Services
Be the security relationship manager for the client for all GRC related issues.
Review and ensure delivery of the monthly Security Risk and Security compliance report produced by the analyst
Consolidate input from operational groups and deliver monthly security services operational reporting
Review and approve security changes on the account.
Chair client report review meetings.
Maintain the Security Incident Response Program - Incident Management Plan
Meet at least weekly with the client. One formal meeting documented with meeting minutes and actions.
Organise quarterly presentations to bring security innovation to the client - leverage DXC's Global IP, community and industry (i.e. SMEs, CTO, vendor, Security Lead, Director, etc.)
Challenges of position:
The challenges of this position are inherent in the delivery of outsourcing services to clients, and may include:
Large, complex, diverse information system environment
Interpretation of complex, dated or irrelevant client security policy
Lack of security policy, security framework or poor interpretations of relevant standards and regulations.
Accountability (real or perceived) for security delivery in other delivery groups. "Quasi federated" structure
Client requires a broad appreciation and understanding of business, IT risk and security strategy
Challenging and complex client management environment
Security treated by client and account team as an "add on" and a cost to deliver a service rather than an inherent part of it.
QUALIFICATIONS AND EXPERIENCE
Minimum 7 years of professional experience in the discipline of Information Security
Balance of technical security knowledge and GRC experience
Senior practitioner level experience with security environments
Ability to work independently and manage multiple projects and task demands effectively
Experience in auditing, interpreting and implementing security policy
Ability to work successfully and constructively within a team of diverse stakeholders, business and technical
Outstanding interpersonal skills
Strong analytical and conceptual design skills
Expert writing and communications skills
CISSP, CISM preferred, but may be substituted with equivalent technical credentials and experience
Ability to deal with complex problems, matrix management and ambiguity
Bachelor's or Master's degree, preferably in a technical discipline or field (engineering, computer science, etc.). Equivalent technical work experience may be considered as a substitute for a university degree
Security management in the appropriate industry
Experience in working in a matrix environment, and ability to direct and influence others without being their line manager