Lead Security Professional

**About Lumen**

**The Role**:
Reporting to the SR MGR PRODUCT MANAGEMENT, this role is responsible for understanding the client's security environment, provide security advisory and consulting services to clients in their security improvement journey. This position will also work closely with Sales to develop and achieve business opportunities.

**The Main Responsibilities**:
**Client Delivery**
- Meeting with customers' senior executives and project owners to understand and review their requirements and then transforming the business requirements into executable action plan.
- Perform cyber security assessment to provide the client's current security posture (cyber security baseline).
- Perform security risk assessments and provide recommendations that are measured and feasible to within the client's risk tolerance and appetite level.
- Provide cyber security advisory services to clients to facilitate them in the development and implementation of control measures to meet their security strategy and roadmap.
- Perform ISMS Internal Audit and draft report for clients. Provide advisory services on recommended action plans.
- Perform third-party vendor risk assessment and provide advisory services to clients on recommended next steps.

**Pre-Sales**
- Working with Sales, support Presales with client proposals, advising solutions to meet client requirements.

**Business Development**
- Innovate security solutions in line with landscape changes to client requirements.
- Innovate and enhance processes to promote efficiencies and effectiveness of client service delivery.
- Attend meetings with business development managers to provide technical expertise and present proposals related to Connected Security services.
- Prepare business cases for the sales team to support GRC related proposals.
- Work closely and collaboratively with customers to capture and understand requirements to devise effective solutions ensuring GRC services can meet customer's requirements.
- Prepare detailed costings for clients ensuring the contract is profitable.
- Demonstrates knowledge of Managed Security Services (MSS) and Professional Security Services.
- Security related qualifications - CISM, CISSP, CISA, ISO27001 Lead Auditor,
- Knowledge of PCI DSS, ISO27001, NIST (800-53, CSF), ASD-ACSC ISM, Essential 8, CPS234, CPS230 and demonstrated experiences in implementing them.
- Knowledge of information security, including threat intelligence, incident response, risk management, and security architecture
- Good understanding or background in information security tools such as SIEM, endpoint software, IPS / IDS products, GRC products.
- Business acumen with ability to understand business processes and document them.
- Ability to interact with internal and external customers with great communications and presentations skills.
- Ability to manage multiple projects, prioritize tasks, and meet project deadlines.

**Advantageous Qualifications, Skills and Abilities**
- Cloud Security or Architecture experience, preferably AWS or Azure
- Build on the capability to detect, deter and respond to cyber security threats by expanding the organization's security incident and event management capability.
- Project Management related qualifications - Prince2, PMP
- Knowledge of risk management frameworks such as ISO31000, NIST Risk Management Framework, and demonstrated experiences in implementing them.
- Desirable - IRAP certified or able to get certified.

**What to Expect Next**:
Requisition #: 328966

**EEO Statement**
We are committed to providing equal employment opportunities to all persons regardless of race, color, ancestry, citizenship, national origin, religion, veteran status, disability, genetic characteristic or information, age, gender, sexual orientation, gender identity, gender expression, marital status, family status, pregnancy, or other legally protected status (collectively, "protected statuses"). We do not tolerate unlawful discrimination in any employment decisions, including recruiting, hiring, compensation, promotion, benefits, discipline, termination, job assignments or training.

**Disclaimer