About the team:

Security and Privacy enables everyone in Orange Business Digital Services Europe (DSE) to perform business activities according to relevant security and privacy standards and regulations, as well as business requirements, and thereby contribute to the company reaching business goals. Our security and privacy strategy is aligned with the business strategy to ensure we use security and privacy not just as a compliance measure but also to drive innovation and business both internally and for our customers.

We firmly believe that good governance, security, and privacy will be achieved through an aware and competent workforce, using well-defined processes and frameworks, and tools that support our security policies and privacy framework. That is why we see security and privacy as interdependent on each other, not as silos, and why we have one common department that works with both areas in an aligned manner supporting each other and the business.

The Business Security Officer / Security Product Manager works closely with, and within, the Security and Privacy department, supporting and reporting to the Group CISO/Head of Security and Privacy, but also interacts with cybersecurity team, sales, DPO, technical staff, key account managers and service managers. Customer interaction and drive for product management is paramount, and can also include interaction with partners, sub-contractors, or other external parties.

The role and key areas of responsibility:

In this position, you will be combining two roles and reporting to Group CISO in the following capacity:

As the DSE Security Product Manager, you will work closely with the Group CISO (the owner of Security and Compliance portfolio), cybersecurity team (portfolio operators), sales, marketing, product managers, and the product team to manage and further develop the portfolio, help with market packaging, and provide services across Digital Services Europe (DSE), as a part of our Sovereign Cloud services. This includes understanding the market and customer needs, helping in keep the portfolio up to date, managing and maintaining the portfolio lifecycle, along with assisting different parts of the organization for delivery to customers. A key part of this is also to be the advisor on security products, internally in the local organization, but also externally towards the market and customers, supporting our security and privacy department, sales, delivery and marketing organization, providing both pre- and post-sales support. You’ll play a key part in supporting Group CISO in ensuring the portfolio is providing value to the organization and the customers.

As Business Security Officer - Norway you will work as a liaison for one or more customers in the Norwegian market, bridging the gap between the customer, the customer team in DSE, and other delivery units such as CyberSOC, Operations Center and Datacenter. This role is typically provided to customers with high security awareness, specific requirements and that must ensure compliance with different information security standards or frameworks. Your job will be to remain up to date on customer needs and ensure that DSE continues to design and operate our services, accordingly, including alignment with the security and privacy requirements. The BSO will also ensure ongoing reporting on security, risk, and compliance, both internally to the Group CISO and to the customers. Additionally, you’ll assist Group CISO in compliance with laws and regulations, such as EU GDPR and national data privacy legislation in each country of operation (in collaboration with the Data Protection Officer and the Group CISO), National/EU Security Act, etc. You will need to find ways to do internal control, provide reports to the customer and manage a customer security forum where you meet with your customers to align security efforts and improvement activities.

Job duties and responsibilities:

• As a part of the Security and Privacy team in DSE, assist in the continual improvement work, security strategy, risk management, privacy and security awareness efforts in the company.
• As the security product manager, assist Group CISO in keeping the portfolio updated, maintained, marketed, whilst supporting other key stakeholder needs such as those from marketing, sales, product management and service delivery.
• Internal control activities to ensure that agreed Security, Privacy & Compliance requirements are met.
• Be an advisor, internally and externally, to ensure we design, build and run services within the portfolio that fulfill these requirements.
• Keep yourself up to date with relevant market trends, laws, regulations, standards or frameworks, including ISO27001, PCI-DSS, CIS Controls and GDPR, including relevant national laws and regulations.
• Maintain a plan for recurring security related activities, and ensure they are executed.
• Support Group CISO in security and privacy strategy implementation, reporting and execution of the activities within the yearly wheel.
• Support Group CISO in internal and external meetings related to security and privacy management, security and privacy forums, risk management, compliance and reporting.
• Work closely with our Security Operation function in maintaining, updating and packaging Security and Compliance portfolio.
• Work closely with customer teams, to ensure that day-to-day operations comply with requirements.
• Perform reporting on Security & Compliance to your customer(s).
• Manage, or participate in, recurring Security Forum meetings with your customer(s).
• Act as a liaison between DSE and customers, to ensure security and compliance requirements are met.
• Act as a liaison between Group CISO and the organization to ensure security, privacy and compliance requirements are implemented, managed, controlled and audited.
• Support Group CISO to maintain up-to-date ISMS and reporting processes.

As an ideal candidate, YOU will have:

• At least 3 years’ experience of working in a service delivery environment.
• At least 3 years’ experience of working with product management.
• At least 1 years’ experience from roles with security responsibilities.
• Solid Security / Cyber Security knowledge and skills.
• Solid understanding of security and privacy enabling business.
• Solid understanding of product management and delivery.
• Very good written and spoken communication skills in English
• Intermediary to professional Norwegian skills, at least on B1 level.
• An ability to understand market drives for security and compliance portfolio.
• An ability to balance security requirements with business needs.
• Takes initiative as well as is willing to follow the lead.
• Good oral and written presentation skills.
• Experience in internal control and reporting.
• Desire to work in a team environment.

... it's not a requirement but it's nice if you also have:

• PCI-DSS, SOC2, CIS Controls, Swift or other relevant security frameworks / standards
• Participation in local, Nordic or international security communities
• A network of security professionals
• Datacenter / Network / Virtualization / Office infrastructure or similar
• Public cloud and cloud security (AWS / Azure / Google)
• Security certifications such as CISSP, CISM, CISA, ISO27001 Lead Auditor or similar
• Quality management standards and certifications such as Cobit and ITIL or similar
• Project Management or Service Delivery/Service Management skills
• Customer Success Management with regards to Security and Compliance

What can we offer you?

Read more about our Oslo office and benefits here.

Why choose Orange Business:

At Orange Business, part of the Orange group, you will become part of a team with committed colleagues who are genuinely interested in technology and its application. We are convinced that data is an exceptional but still underutilized resource. We work daily to unlock the potential of data to create positive impact.

Joining our team in Oslo means to join a respectful and safe environment, where everyone’s voice is heard and where you are encouraged to take initiative and cultivate ideas. You will get plenty opportunities to grow & develop. Whether at home or in the office, by playing together we create positive impact for our customers. Our offices are Great place to Work certified.

The process:

We will screen applications on an ongoing basis, with the aim of conducting conversations and meetings as we receive the applications.

Are you interested to read more about Orange Business? Visit our Website or follow our LinkedIn account.