Security Engineering Assistant Manager

Job Title: Security Engineering Assistant Manager

Location: Port Sunlight, UK

JOB PURPOSE

The Security Engineering Assistant Manager role is tasked with delivering world class cyber security tools & services in partnership with our Business Owners (who operate these capabilities) and our partners. This partnership will generate value by ensuring that our key risks are appropriately managed, and we are continuously developing our capabilities to meet the needs of the business.

RESPONSIBILITIES
The Security Engineering Assistant Manager is responsible for deploying and managing the cyber security technology stack to ensure our key cyber risks are being appropriately managed. This requires collaboration between our Business Owners (i.e. who operate these capabilities), our suppliers and our partners – all with the common goal of continuous improvement. This position will report to the Security Engineering Manager.

Key areas under this role includes:

• Managing our Cyber Security capabilities (in partnership with the relevant Business Owner) including SIEM, SOAR, CSPM, NDR, EDR / XDR, IDP, DAM, NAC, WAF, TVM, Email Security, Threat Intelligence Platforms, Security Validation Platforms, Penetration testing platforms, etc.

• Defining (in partnership with the relevant Business Owner) the requirements for our capability and identifying any gaps that require addressing.

• Partnering our Security Architecture colleagues in defining the capability roadmap.

• Supporting any Proof-of-Concept (POC) projects by providing expertise / advice, supporting the testing, and assisting in collating the results (including the creation of the business case where required).

• Being accountable for the deployment of our capability and ensure its adoption in all areas of the business including IT infrastructure, Hybrid Cloud, IT applications, OT, and IoT.

• Responsible for Service Management of our cyber security capabilities through our defined framework (e.g. ITIL).

• Collaborating with our Business Owners (e.g. SOC, Threat Intelligence, etc) and our suppliers to identify areas of improvement, optimisation, or opportunity - driving continuous improvement through our demand funnel.

• Responsible for raising incidents and issues with our suppliers and ensuring a quick resolution.

• Becoming a trusted advisor within the organisation that identifies areas of risk and provides technology-based solutions.

Main Accountabilities

• Being the Service Owner for all your assigned cyber capabilities and being responsible for the Service Governance of these capabilities.

• Responsible for overseeing the demand funnel and ensuring a continuous stream of improvement through each sprint cycle.

• Responsible for the deployment of our cyber capabilities against the architectural design (even if responsibility is delegate to project teams or suppliers) and adoption with our business owners.

• Responsible for compliance against Unilever policies, guidelines and standards especially those associated with platform / service ownership (cyber, CMDB, ITIL, etc).

• Partnering with our Business Owners (e.g. SOC, Threat Intelligence, Engagement, etc.) and our suppliers to ensure we drive value from every technology investment to reduce our Cyber Risk.

• Holding our technology suppliers and strategic partners (e.g. our Managed Security Services Provider or MSSP) to account.

• Responsible for supporting Security Architecture in developing their cyber technology roadmap.

• Responsible for supporting in Proof-of-Concept implementation, testing, analysis, and reporting.

• Self-skilling yourself to an appropriate technical level to perform your role and be continuous informed of evolving risks, technology trends, etc.

Qualifications and Skills

• A strong technical background in IT, IoT and OT.

• Excellent written and verbal communication skills including the ability to be understood by both technical and non-technical personnel.

• Stakeholder management and interpersonal skills at both a technical and non-technical level.

• Ability to manage conflicting priorities and multiple tasks.

• Ability to lead and deliver through others.

• Ability to work both independently and in collaboration with international teams.

• Outstanding analytical, critical thinking and problem-solving skills.

• Customer-orientated, whether responding to queries or delivering new services.

• Skills in Programme and Project Management.

• Understanding of security principles, frameworks, and technologies

• Knowledge in public cloud environments, network and system security concepts.

• Knowledge of current cybersecurity trends, threats, and best practices.

• Relevant certifications such as CISSP, CISM, or SANS GIAC are highly desirable.

• Basic experience with programming languages such as Python, Bash, PowerShell, etc is desirable.

• Familiarity with various security frameworks and standards (e.g., ISO 27001, NIST, MITRE, CIS).

Experience

• Previous experience in deploying Service Management models (e.g. ITIL, COBIT, CMMI, etc).  

• Previously held a role in Security Engineering, or IT Platforms.

• Experience with managing cloud, on-premise, OT, and / or IoT environments

• A working knowledge of Cyber Security capabilities including SIEM, SOAR, CSPM, NDR, EDR / XDR, IDP, DAM, NAC, WAF, TVM, Email Security, Threat Intelligence Platforms, Security Validation Platforms, Penetration testing platforms, etc.

• Experience with security governance, risk, and compliance standards and requirements.

• Experience in developing, deploying, and maintaining security solutions.

• Extensive experience in providing thought leadership, and driving a complex change agenda, and an ability to challenge the “status quo”.

• Excellent strategic and operational business awareness, with a deep understanding of the key drivers, levers, issues, and constraints of digital businesses.
  ​

Location

In September 2020, Unilever announced the intention to build a new sustainable campus site in Kingston, London to house the employees who currently work in 100 Victoria Embankment in Blackfriars, Lever House in Kingston, Unilever House in Leatherhead and Graze in Richmond. We are creating our own Unilever sustainable, agile work environment, purposefully bringing us together in our own Unilever ecosystem. The campus is due to be completed in early 2025 and will consist of two interconnected buildings, as well as landscaped surrounding areas.

What We Offer

Not only do we offer a competitive salary and pension scheme, we also offer an annual bonus, free gym, a discounted staff shop and shares. You’ll have the opportunity to work directly with our renowned and exciting brands in a flexible and hybrid working environment.

Whilst the role is advertised on a full-time basis, we would be happy to discuss possible flexible working options and what this may look like for you. We are a key advocate of wellbeing and offer a variety of support for our people including hubs, programmes and development opportunities. We strive to achieve a family-friendly and inclusive workplace and to, above all, create possibilities for all.

Diversity at Unilever is about inclusion, embracing differences, creating possibilities and growing together for better business performance. We embrace diversity in our workforce. This means giving full and fair consideration to all applicants and continuing development of all employees regardless of age, disability, gender reassignment, race, religion or belief, sex, sexual orientation, marriage and civil partnership, and pregnancy and maternity. We are also more than happy to provide reasonable adjustments during our application and interview process to enable you to be present your best self. To find out more, click here: Equity, Diversity & Inclusion

Recruitment Fraud

Cyber criminals advertise fake job adverts with prestigious employers as a way of stealing information or even defrauding individuals out of money. In the most sophisticated cases, they will set up fake websites, which have a similar address to companies like Unilever. They even conduct fake telephone interviews and then offer candidates a role with the proviso they pay a fee for background checks or to cover work visa costs. These types of attacks are becoming more common as more people are looking for employment in the economic climate.

How is Unilever tackling this?

Many of Unilever’s recruitment sites publish a warning to candidates about recruitment fraud. The Cyber Security team also proactively scan for signs of people setting up fake Unilever sites and act to close them down.

What can I do?

If you become aware of potential recruitment fraud, spot fake Unilever recruitment adverts or fake LinkedIn profiles, report them via Una Live Chat.

Unilever does not accept responsibility or liability for any candidates who are financially impacted by recruitment fraud. Your vigilance is key!