Responsibility is to act as a coach to all staff involved and manage the security relationship with the customer and third parties.
Ericsson is a world-leading provider of telecommunications equipment and services to mobile and fixed network operators. Over 1,000 networks in more than 180 countries use Ericsson equipment, and more than 40 percent of the world’s mobile traffic passes through Ericsson networks. Using innovation to empower people, business and society, we are working towards the Networked Society, in which everything that can benefit from a connection will have one. At Ericsson, we apply our innovation to market-based solutions that empower people and society to help shape a more sustainable world.
We are truly a global company, working across borders in 175 countries, offering a diverse, performance-driven culture and an innovative and engaging environment where employees enhance their potential everyday. Our employees live our vision, core values and guiding principles. They share a passion to win and a high responsiveness to customer needs that in turn makes us a desirable partner to our clients. To ensure professional growth, Ericsson offers a stimulating work experience, continuous learning and growth opportunities that allow you to acquire the knowledge and skills necessary to reach your career goals.
The Ericsson Wallet Platform (EWP) is a product which enables our customers to provide mobile financial services/mobile money. Customers are operators and banks, both of whom have very high expectations on the level of security which this financial solution provides and the manner in which the solution is operated, integrated and customized. As part of the delivery for our customers we are looking for an information security architect in Uganda.
- Your primary responsibility is to ensure the information security of our Wallet Platform deliveries towards our customers within Ericsson MS (Managed Services), ADM (Application Development Management), CS (Customer Support) and CSI (Consulting and Solution Integration) and compliance against contractual obligations.
- Your secondary responsibility is to act as a coach to all staff involved and manage the security relationship with the customer and third parties.
- Your other responsibilities include ensuring adherence to security SLAs and mandatory compliance levels against customer and Ericsson security policies, security standards and benchmarks such as PCI DSS, ISO27001, ISO22301, Center for Internet Security benchmarks, OWASP, etc. You also ensure compliance obligations against regulation on financial services, information security, data protection and related areas are met.
Qualifications And Experience Required:
- At least 5 years experience as an information security architect, information security consultant or in an information security line function.
- Multiple certifications and related work experience is preferred.
- At least 5 years experience with working as a solution architect.
- Experience with implementing and auditing security certifications such as PCI DSS, ISO27001 and ISO22301 is preferred.
- Proven ability with taking risk based security decisions, and weighing the interest of multiple stakeholder and risk profiles against each other.
- Proven ability to take in a large volume of information, such as polices, and determine their impact in a particular situation, e.g. whether a change request is compliant.
- Proven consultancy skills.
- Experience with information security in mobile financial services and/or financial services is preferred.
- Understand that compliance is not necessarily the same as security and know how to reason, argument and deliver secure and user friendly solutions which also are compliant.
- Excellent skills in interacting with staff at all levels in a professional way.
- Fluent in spoken and written English.
You must have at least one of the following (active) certifications.
- ISC2 – Certified Information Systems Security Professional (CISSP).
- ISACA – Certified Information Security Manager (CISM).
- ISACA – Certified Information Systems Auditor (CISA).
- ISACA – Certified in Risk and Information Systems Control(CRISC).
- ASIS International – Professional Certified Investigator (PCI).
- ASIS International – Certified Protection Professional (CPP).
- BSI or IRCA – ISO27001 lead implementer or lead auditor.
- BSI or IRCA – ISO22301 lead implementer or lead auditor.
- BCI – Certificate of the Business Continuity Institute (CBCI).
Having at least one of the following (active) certifications is preferred:
- PCI SSC – PCI DSS or PCI PA DSS QSA.
- ACFE – Certified Fraud Examiner (CFE).
- EC-Council – Computer Hacking Forensic Investigator (CHFI).
- EC-Council – Certified Ethical Hacker (CEH).
- IACIS – Certified Forensic Computer Examiner (CFCE).
- ISC2 – Systems Security Certified Practitioner (SSCP).
- ISC2 – Certified Cyber Forensics Professional (CCFP).
- ISCPP – Internation Crime Prevention Specialist (ICPS).
- ISFCE – Certified Computer Examiner (CCE).
- Offensive Security – Offensive Security Certified Professional (OSCP).
- Red Hat – Certificate of Expertise in Server Hardening.
- Red Hat – Red Hat Certified Engineer (RHCE).
- Red Hat – Certified System Administrator (RHSA).
Work location and team:
You will work with a dedicated team for the delivery to one of Ericsson’s customers from Uganda. Your security architect responsibilities will cover Uganda, Zambia, Rwanda, Swaziland and South Sudan. The successful incumbent must enjoy travelling and working in very diverse environments.
You’ll Be Part Of The Global Ericsson Mobile Financial Services Security Community, But Dedicated To One Customer. You Will Be Part Of a Team Of Five Information Security Architects And One Regulatory Analyst. Each Information Security Architect Will Have At Least One Core Competence In The Areas Mentioned Below And Multiple Secondary Competences In These Areas:
- software security.
- Linux and infrastructure security.
- operational security, investigations and forensics.
- ITIL process and managed services organization security.
- policies, standards, benchmarks, and their compliance as well as managing organizational change. Able to lead the team and be the central point of contact for the customer and their C-level managers.
Ericsson provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, sexual orientation, marital status, pregnancy, parental status, national origin, ethnic background, age, disability, political opinion, social status, veteran status, union membership or genetics.
Ericsson complies with applicable country, state and all local laws governing nondiscrimination in employment in every location across the world in which the company has facilities. In addition, Ericsson supports the UN Guiding Principles for Business and Human Rights and the United Nations Global Compact.
This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, training and development.
Ericsson expressly prohibits any form of workplace harassment based on race, color, religion, sex, sexual orientation, marital status, pregnancy, parental status, national origin, ethnic background, age, disability, political opinion, social status, veteran status, union membership or genetic information.