Security Compliance Analyst

Job Description

Date: Aug 19, 2019

At Ericsson, we give our employees the freedom to think big. Your ideas and innovations can turn into achievements that impact society and change the world. Are you ready to be a change-maker?

Learn what makes YOU + Ericsson a powerful combination. Join us today.


About Us


We are one of the leading providers of Information and Communication Technology (ICT) to service providers, with about 40% of the world’s mobile traffic carried through our networks. We enable the full value of connectivity by creating game-changing technology and services that are easy to use, adopt and scale, making our customers successful in a fully connected world.


Together, in Romania we create a culture of innovation, constantly transforming to find new ways of working. Opened in 2007, the Global Site in Bucharest is one in only four all over the world, the only one situated in Europe and a vital component in Ericsson’s global services organization. The Romanian site currently counts on a team of 1,900 strong professionals and enthusiastic young specialists and is developing constantly to meet customer needs.


Position Purpose 


We are now looking for a Security Operations Compliance professional for our Managed Security team. This position will ensure that the Managed Services delivery unit adheres to the security compliance requirements as per the customer’s security policy and any applicable regulatory requirements, in addition to supporting assessment and audit activities. The professional will work alongside a highly skilled, diverse team, making sure that the information assets, that we are responsible to protect, are secured.


Main accountabilities - you will: 


  • Ensure that Information Security Requirements for the specific contract will be adhered to and maintained
  • Perform periodic risk and security assessments, review and propose updates to the Information Security Requirements based on risk and security assessments
  • Maintain the personnel’s awareness of up-to-date security policies and procedures
  • Maintain procedures to ensure management of security for systems under Ericsson Management
  • Perform periodic checks that only the authorized persons have access rights to information, systems, and facilities, and report findings
  • Perform periodic review of baseline security standard for the operating systems and network devices
  • Track closure of identified gaps and report compliance periodically
  • Ensure that all relevant security process and procedure documents are up to date and reviewed periodically
  • Perform periodic review of the contracted customer delivery against ISO27001 standard
  • Test the security control effectiveness and identify gaps (if any)
  • Assist in security exception handling process
  • Provide recommendations in lieu of security exceptions, provide risk analysis, and recommend actions


Technical/Soft Skills

General competencies:

  • 4 to 7 years experience with at least 4 years of experience in IT
  • 2 years in Security Governance, Risk and Compliance (GRC)
  • Good documentation, analysis skills
  • The ability to work constructively under pressure
  • Ability to work both in a team as well as individually
  • Knowledge sharing & collaboration skills
  • Customer oriented, Service minded
  • Deliver results & meet customer expectations
  • Excellent communication skills, English is a must


Technical competencies:

  • Good knowledge and understanding of information security
  • Good understanding of ISMS (Information Security Management System), ISO 27001 standard and prior experience of conducting IT audits

  • Knowledge of data privacy and GDPR

  • Should be adept at conducting gap analysis & risk assessments to identify high risk areas and recommend controls to address the risk areas

  • Understanding of enterprise computing environments, distributed applications, and a strong understanding of TCP/IP networks, also with available security control (technical & process control) for respective layers


Academics and Certifications

  • Education:  BE/ B.Tech (Telecommunication/ Computer Science)
  • ISO 27001 Lead Implementer, CISA, ITIL, CISSP, and CISM certifications will be an advantage


What we offer

  • We will value your competences
  • You will work in a dynamic company along with the smartest people in the industry
  • You will benefit from a wide range of learning and transfer knowledge from/to your colleagues
  • You will have access to latest technology and support to showcase your bright ideas
  • You will enjoy Ericsson’s ways of working that value the importance of work life balance
  • Benefits package: including premium healthcare & gym subscriptions
  • You will be part of an active community via Brand Ambassadors, CSR Activities, Sports Teams etc.




Ericsson provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, sexual orientation, marital status, pregnancy, parental status, national origin, ethnic background, age, disability, political opinion, social status, veteran status, union membership or genetics.

Ericsson complies with applicable country, state and all local laws governing nondiscrimination in employment in every location across the world in which the company has facilities. In addition, Ericsson supports the UN Guiding Principles for Business and Human Rights and the United Nations Global Compact.


This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, training and development.


Ericsson expressly prohibits any form of workplace harassment based on race, color, religion, sex, sexual orientation, marital status, pregnancy, parental status, national origin, ethnic background, age, disability, political opinion, social status, veteran status, union membership or genetic information.


Primary country and city: Romania (RO)  ||  || Bucharest  || Consulting&SysInt; IT; ProdMgt; R&D; SalesStratMkt&ComMgt; ServEng; SharedServ; Stud&YP; Supply&Log