Customer Security Director UK

Job Description

Date: Apr 1, 2019

Customer Security Director

Abstract

This document outlines the key responsibilities and interfaces for the Customer Security Director role, responsible for strengthening Ericsson's capability to develop, sell and deliver solutions that efficiently and effectively meet the Customer's Security needs.

 

1 Role description

The Customer Security Director (CSD) is a dedicated Business Partner and Senior Advisor to the GCU / CU Head and their Sales and Delivery teams, as well as a single point of contact toward the Customer for all matters related to Security. 

The CSD delivers value through their in-depth understanding of: 

a       the Customer and their business environment, security-related concerns, requirements and the reasons they issue these requirements (threat landscape, regulatory compliance, contractual requirements with their Customers, etc.);

b       Ericsson and our portfolio, the solutions we are delivering for the Customer, internal strategies, steering documents, processes, methods, tools, models and ways of working; the organization and governance of Security within Ericsson;

c       the contract(s) and agreement(s) between Ericsson and our Customer, outlining the agreed terms, conditions and requirements related to Security.

2 Responsibility

As a customer-facing role for designated key accounts, the Customer Security Director serves as the single point of contact between the Customer and Ericsson for all matters related to the Security of the solution or services proposed or provided by Ericsson. The CSD ensures the Customer's Security concerns are identified, understood, acknowledged and addressed.

The CSD is responsible for strengthening Ericsson's capability to develop, sell and deliver solutions that efficiently and effectively meet the Customer's security needs, including:

Develop 

1           Share current and emerging customer security-related requirements with key stakeholders in the BAs, MAs and GFs where new or further development should be considered.

Sell 

1           Support CU/GCU business development by identifying leads and qualifying opportunities  

2           Support CU/GCU in closing deals by highlighting how Ericsson's proposed solution enhances the Customer's Cybersecurity and Data protection posture, differentiating Ericsson from the competition; this includes leading Customer discussions and providing documentation or demos;

3           Coordinate and quality-assure security-related responses to RFx's and contracts. 

Deliver 

1           Support CFR, Managed Services Chief Operational Officer (MS COO) and Customer Project Managers to develop and implement a Security Plan to achieve fulfillment of contractual security requirements across all customer projects, including continuity of operations in the event of a crisis, business interruption, cyber-attack or other incidents; 

2           Risk management by executing appropriate measures to manage and mitigate risks and reduce potential impacts to an acceptable level;

3           Support in ensuring the correct and efficient deployment of the security solution, people and process, validating the project security strategy, and ensuring its adequacy for the customer’s particularities;

4           Hold governance meetings on security subjects according to the program Governance structure;

5           Support customer on strategic decisions regarding security solutions, as required;

6           Actively promote awareness of the customer security requirements among staff delivering, operating or managing the solution delivery, including third parties and newly onboarded staff; 

7           Drive delivery excellence by continually verifying contract fulfillment of Security requirements across ongoing customer projects; 

8           Communicate the status of contractual compliance to the Customer on a regular basis, and provide additional information to further support security assurance upon request and as agreed in the contractual terms and conditions; 

9           Drive gap closure affecting the delivery, including weaknesses related to the delivery, solution, or enterprise security;

10        Coordinate all matters related to Customer assessments and audits;

11        Ensure performance measurement by measuring, monitoring and reporting security governance metrics to ensure that the customer's objectives are achieved.

Note: the CSD is not responsible for setting the security strategy for Ericsson's solutions (CTO responsibility), setting the security strategy for Ericsson's enterprise security (CSO responsibility), or handling security-related matters extending beyond the solution or services provided by Ericsson (e.g. incidents impacting the Customer’s perception of Ericsson).

3 Interfaces 

Key interfaces for the CSD include:

·       Customer;

·       Sales team: GCU / CU Head, ACRs, CFRs, CSRs;

·       Delivery team: Customer PMs, personnel in customer projects responsible for executing the security requirements, Managed Services Chief Operational Officer (MS COO), etc.

·       Develop teams: solution experts, product security advisors, security & privacy solution SMEs;

·       Ericsson security community: Group Security Enterprise Security Directors, PSIRT, Network Security, Security SMEs and expert functions.

 


The term ‘Security’ includes information security (addressing all domains and management system requirements outlined in ISO/IEC 27001 & ISO/IEC 27002), cybersecurity, security assurance, data privacy, and other applicable legal, contractual and regulatory requirements, business continuity management, secure configuration and operation of solutions, services, IT infrastructure, and operations supporting the Customer delivery, security risk management, third party security risk management, personnel security (including screening and security awareness & training), security incident & breach management, vulnerability management, physical and environmental security.

 

Ericsson provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, sexual orientation, marital status, pregnancy, parental status, national origin, ethnic background, age, disability, political opinion, social status, veteran status, union membership or genetics.

Ericsson complies with applicable country, state and all local laws governing nondiscrimination in employment in every location across the world in which the company has facilities. In addition, Ericsson supports the UN Guiding Principles for Business and Human Rights and the United Nations Global Compact.

This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, training and development.

Ericsson expressly prohibits any form of workplace harassment based on race, color, religion, sex, sexual orientation, marital status, pregnancy, parental status, national origin, ethnic background, age, disability, political opinion, social status, veteran status, union membership or genetic information.

 

Primary country and city: United Kingdom (GB) || London || Consulting&SysInt; IT; ProdMgt; R&D; SalesStratMkt&ComMgt; ServEng; SharedServ; Stud&YP; Supply&Log

Req ID: 276070