Ericsson Security specialist in Malaysia
Purpose of the role
The purpose of this document is to describe the functional role of Security Specialist-Investigations. The Security Specialist-Investigations manages security investigation activities within the region, including security requirements from hosted activities in accordance with the Governance Model – Group Security. The aim is to achieve operational excellence within the concept of One Ericsson.
Prime role of Security Specialist-Investigations is to address Ericsson’s internal security investigation requirements.
The Security Specialist-Investigations has the following responsibilities within the scope
Collect and compile information
Prepare and execute the investigation plan
escalate decisions through investigations
Deliver and communicate investigation report
Identify improvement opportunities and implement or recommend enhancements to the relevant organization
Security Specialist-Investigation is typically assigned to work with the investigations of the critical security incidents that can or may impact Ericsson brand people or assets.
The main activities within the Daily Operations are the following:
Drive the implementation of global security investigation framework, directives and guidelines, complement with local security instructions if needed.
Determining work procedure, prepare work schedules & determine methods for expediting workflow.
Ensure accurate identification of COBE breach through the use of sophisticated computer systems; laboratory and examination of evidence.
Data extraction & analysis & presentation.
Strategic planning, risk assessment, governance and compliance processes, designing security solutions and conducting incident response & digital forensics investigations.
Perform and create procedures for system security audits, risk assessment, vulnerability assessment, penetration testing and conducting incident response & digital forensics engagements.
Lead digital forensics function which involved hard drive imaging, analysis of emails and financial data.
Inform the Regional Security Director when CMTF within area of responsibility is activated.
Manage security incidents and investigations in accordance with the Security Incident Handling Process and Investigation Framework
Prioritise work and ensure cases and complaints are handled appropriately and in a timely manner.
Facilitate risk assessments based on business requirements, agreements and activities.
Provide Business Continuity Management (BCM) subject matter expertise and support local implementation and maintenance activities with the area of expertise i.e. digital forensics.
Provide technical leadership to the enterprise for the security investigation program
Drive security awareness activities amongst ALL personnel
Perform specialized security training for target groups
Work independently and coordinate cross function at a senior level.
Build & maintain documentation for all procedures, as required to continually improve levels of service & efficiency and meet quality standards
Information Security Responsibilities
Assist in Implementation of ISO 27001 controls across the organization as per the Ericsson Global ISO 27001 control framework.
That security is implemented and maintained in accordance with Ericsson Security and Risk Management directives.
That ‘best practice’ of security investigations is developed and maintained.
Cooperation & Coordination
The Security Specialist-Investigation drives & coordinates security investigations related activities in the Region.
Key Internal Interfaces
Region Security Director
Real Estate responsible/Facilities Specialist
Head of operations Units
Key External Interface
External partners security investigation organizations.
Functional line reporting to Regional Security Director
Escalate non-conformities referring to Ericsson Security directives to Regional Security Director and ensure all incidents are reported in the Security Incident Management System
Monthly report to the Regional Security Director
After-action reporting on CMTF activations to the Regional Security Director
The key technical qualifications required are:
Bachelor’s degree or equivalent within Telecommunication, Information Technology and Electronics. Have 8-10 years of experience in a similar profile, such as corporate investigator.
Formal Security training (certificate) or equivalent, any of the following certificates would be a definite advantage CISM, CISSP, SSC, QSA, BSI ISO/IEC 27001:2013, CEH, CIFI & CHFI, EnCE
Minimum five years’ experience in a security related role, including:
Risk Management, Information-, IT security, Crisis Management, Forensic investigation and Cybercrime.
Hands on experience in forensic tools. E.g. Encase, FtK, X-way etc.
Knowledge in security products & solutions
Knowledge of ISO/IEC 27001
Knowledge in Electronic Discovery
Experience in working with Windows and Linux platforms
RHCE certification would be an added advantage
Why is Ericsson a great place to work?
Ericsson is the driving force behind the Networked Society where every person and every industry is empowered to reach their full potential. Mobility, broadband and the cloud are transforming the world, enabling industries and society to provide better services, capture new opportunities, improve businesses, increase efficiency, and create new user experiences.
Our services, software and infrastructure support every major telecom operator in the world. The transformation that this brings allows people, business and society to fulfill their potential and create a more sustainable future.
With some 115,000 employees and customers in 180 countries, we combine global scale with technology and services leadership. We support networks that connect more than 2.5 billion subscribers. 40 percent of the world’s mobile traffic is carried over Ericsson networks. And our SEK 100 billion investment in research and development over the last three years ensure that our solutions – and our customers – are at the forefront of innovation.
At Ericsson, we give our employees the freedom to think big. Your ideas and innovations can turn into achievements that impact society and change the world. Are you ready to be a change-maker? Learn what makes YOU + Ericsson a powerful combination. Join us today.
Founded in 1876, Ericsson has its headquarters in Stockholm, Sweden. Net sales in 2014 were SEK 228.0 billion (USD 33.1 billion). Ericsson is listed on NASDAQ OMX stock exchange in Stockholm and the NASDAQ in New York.
Ericsson provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, sexual orientation, marital status, pregnancy, parental status, national origin, ethnic background, age, disability, political opinion, social status, veteran status, union membership or genetics.
Ericsson complies with applicable country, state and all local laws governing nondiscrimination in employment in every location across the world in which the company has facilities. In addition, Ericsson supports the UN Guiding Principles for Business and Human Rights and the United Nations Global Compact.
This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, training and development.
Ericsson expressly prohibits any form of workplace harassment based on race, color, religion, sex, sexual orientation, marital status, pregnancy, parental status, national origin, ethnic background, age, disability, political opinion, social status, veteran status, union membership or genetic information.