JOB TITLE: Cyber Risk Framework Manager
LOCATION: UniOps, Bangalore
Be part of the world’s most successful, purpose-led business. Work with brands that are well-loved around the world, that improve the lives of our consumers and the communities around us. We promote innovation, big and small, to make our business win and grow; and we believe in business as a force for good. Unleash your curiosity, challenge ideas and disrupt processes; use your energy to make this happen. Our brilliant business leaders and colleagues provide mentorship and inspiration, so you can be at your best. Every day, nine out of ten Indian households use our products to feel good, look good and get more out of life – giving us a unique opportunity to build a brighter future.
Every individual here can bring their purpose to life through their work. Join us and you’ll be surrounded by inspiring leaders and supportive peers. Among them, you’ll channel your purpose, bring fresh ideas to the table, and simply be you. As you work to make a real impact on the business and the world, we’ll work to help you become a better you.
Unilever Operations (UniOps) is the global technology and operations engine of Unilever offering business services, technology, and enterprise solutions. UniOps serves over 190 locations and through a network of specialized service lines and partners delivers insights and innovations, user experiences and end-to-end seamless delivery making Unilever Purpose Led and Future Fit.
Business Context and Main Purpose of the Role
Unilever is one of the world’s leading suppliers of Food, Home, and Personal Care products with sales in over 190 countries and reaching 3.4 billion consumers a day. Unilever has more than 400 brands found in homes around the world, including Persil, Dove, Knorr, Domestos, Hellmann’s, Wall’s, Ben & Jerry’s, Marmite, Magnum, and Lynx. Faced with the challenge of climate change and the need for human development, we want to move towards a world where everyone can live well and within the natural limits of the planet. That’s why our purpose as Unilever is ‘to make sustainable living commonplace’.
At Unilever, we’re determined to achieve a culture where everyone can thrive, a culture where all individuals are treated fairly and respectfully, and where their uniqueness is celebrated. We’re taking a holistic approach that focuses on how we can use the scale and reach of our business to have the greatest impact in our own workplace and beyond. We’ve set clear goals to eliminate any bias and discrimination in our policies and practices, accelerate diverse representation in our leadership, and remove barriers for people with disabilities. At the same time, we’re setting out to spend more with diverse businesses and increasing representation of diverse groups in our advertising. Find out more about our work with equity, diversity, and inclusion on our website (https://www.unilever.com/planet-and-society/equity-diversity-and-inclusion/).
Unilever’s Cyber Security organization is a multi-disciplinary team responsible for protecting the Confidentiality, Integrity and Availability of our Information and Operations. Our Cyber Security organization runs a 24×7 Security Operations Centre, oversees a robust Security Architecture and associated technology landscape, provides Cyber Security Solution Engineering and Risk Advisory to our business, and assesses the security of our vast technology estate, including factories, to name but a few areas. Cyber Security sits as part of the Business Operations organisations, as a peer to Unilever’s Technology and Data functions and the broad Supply Chain agenda. Cyber Security is tasked with elevating, reporting on and influencing cyber risk mitigation across Unilever. The Cyber Security function is made up of the Governance, Risk, Assurance, and Compliance (GRAC) team, the Tech & Ops team, the BISO teams, and the Office of the CISO.
Using a risk led and threat informed approach, this critical role will ensure we have a robust framework for identifying, assessing and reporting cyber risk to support the prioritization of treatment in line with Unilever’s risk appetite.
At its core, the purpose of the role is to surface cyber risk and drive informed decision-making. The primary outcome will be to enable the Business Information Security Officers (BISOs), Technical Information Security Officers (TISOs) and Information Security Leads (ISLs) to drive cyber risk remediation and, therefore, cyber risk reduction throughout the Unilever business.
The Cyber Risk Framework Manager will sit within Unilever’s Cyber Security function. The successful candidate will be responsible for the execution, oversight and governance of Unilever’s Cyber Risk Management Framework, both centrally and by the wider cyber security leads across Unilever.
The role will ensure a consistent approach is used across the organisation for Cyber Risk management, in terms of identification, scoring, prioritisation and risk-decision making. Key to this role is the maintenance of the formal Framework and the provision of education, communication, support and oversight to those stakeholders involved in its execution. The role holder will also be accountable, with Risk Analyst support, for ensuring risk management tooling is correctly configured and risk data maintained.
The successful candidate will ensure a regular refresh of data used within the Risk Register and supporting framework components. Working with Cyber team colleagues, this includes data for cyber threat intelligence, vulnerability analysis and impact analysis. The Cyber Risk Framework Manager will also ensure that risk treatment decisions are formally captured, including risk acceptance, and that validation/sign-off occurs at the correct point of seniority within the organisation.
The role holder will use their subject matter expertise to provide consultancy support to the wider Cyber leadership team, acting as a source of advice and education for those operating cyber risk management. The successful candidate will be expected to remain up to date regarding industry risk management methodologies and support the Senior Risk Manager in continuously evolving and improving the framework/register.
The Cyber Risk Framework Manager will support the interpretation and effective communication of risk analysis output to enable meaningful and impactful risk reporting and decision making. As such the role is instrumental in helping Unilever effectively manage cyber risk across the global organization.
Execute the Cyber Risk Framework, ensuring its consistent use across the BISO/TISO organisation.
Create formal risk statements and define the templates for how we communicate Cyber Risk.
Ensure Framework integration/alignment with other Frameworks (e.g., Enterprise/Privacy/3rd Party).
Enable the aggregation of BISO/TISO risk registers for an enterprise view of the cyber risk landscape.
Engage with the Enterprise Risk team e.g., for fulfilment of the Risk Control Statement & updates.
Support the cyber insurance review, documentary submission and associated processes.
Coordinate the operation of quarterly Cyber Risk Boards and subsidiary risk meetings.
Key Skills and Relevant Experience
A suitable candidate will have:
Subject matter expertise in developing, maintaining, operating and governing Risk Management frameworks.
Excellent written and verbal communication skills, and the ability to be understood by both technical and non-technical personnel.
The ability to manage conflicting priorities and multiple tasks in order to meet key deadlines.
Stakeholder management and interpersonal skills at both a technical and non-technical level.
Ability to work in a collaborative environment.
Ability to drive process teams to understand the reporting situation, explore options and come to consensus on a preferred solution.
Strong presentation skills.
Ability to work with internationally located stakeholders.
Ability to work with vague requirements to build prototypes/sketches and go through multiple iterations before agreeing on a workable solution.
A suitable candidate will have:
Experience in Cyber Security, preferably in a Governance, Risk and Compliance (GRC) role.
Experience developing, maintaining, operating and governing Risk Management Frameworks.
Experience within a customer-focused environment.
Understanding of global best practice standards (e.g. NIST, CIS, ISO), Information Security standards and controls, and the “three lines of defence” model for appropriate segregation of duties and risk transparency.
Candidates would be required to demonstrate the Unilever Standards of Leadership & live the Values through showing the following behaviors:
Agility – Flexes leadership style and plans to meet changing situations with urgency. Learns from the past, envisions the future, has a healthy dissatisfaction with the status quo.
Personal Mastery – Actively builds wellbeing and resilience in themselves and their team. Has emotional intelligence to take feedback, manage mood and motivations, and build empathy for others. Sets high standards for themselves and always brings their best self.
Passion for High Performance – Inspires the energy needed to win, generating intensity and focus to motivate people to deliver quality results at speed.
At HUL, we believe that every individual irrespective of their race, colour, religion, gender, sexual orientation, gender identity or expression, age, nationality, caste, disability or marital status can bring their purpose to life. So apply to us, to unleash your curiosity, challenge ideas and disrupt processes; use your energy to make the world a better place. As you work to make a real impact on the business and the world, we’ll work to help you become a better you!
Job Category: Information Technology, IT, Informatique
Job Type: ISS Info Security Manager