• Job Description

  Req#: 6139

  Department: Technology and Information Department
  Location: Lausanne, Switzerland
  Contract Type: Open-ended
  Activity Level: 100%
  Entry date: 15.02.2023

  As the Cybersecurity Senior Manager, define, deliver and maintain Cyber Security architecture. You will also manage all aspects of Cyber security activity at the IOC organisation including but not limited to cyber risk management, Cyber security incident response, Cyber assurance for new projects and OCOGS. Additionally, you will also be in charge of leading and delivering the cyber awareness training programme for the IOC organisation, managing the IOC Cyber Security Services Provider (CSSP) to ensure the delivery of a comprehensive defence in depth Cyber Security strategy. You will also work closely with the Information security senior manager to ensure appropriate security controls in relation to information classification and data protection are delivered to the IOC. Lastly, you will support the Head of SAS on the cyber security programme for OCOGs in relation to governance and assurance.

  Main responsibilities

  Introduction

  • This is a unique and exciting opportunity to work for this iconic organization as the Cyber Security Manager. This role will provide the successful candidate the opportunity to adopt, further develop and deliver Cyber security strategy encompassing methodology and systems to ensure delivery of a best in class security posture for the IOC organisation.
  • The role will report to the Head of Strategy, Architecture and Security to support corporate security projects, related to technology and also support cyber security activities including governance and cyber security strategy review for the Organising Committees of the Olympic and Paralympic Games (OCOGs).

  Overview and Main Responsibilities

  • Oversee responsibility for the defined Cyber Security strategy, its implementation and management at the IOC. Evolve current Cyber Security controls, policy and procedures at the IOC and develop further with the CSSP to adapt based on current and foreseeable Cyber threats .
  • Support Head of Strategy, Architecture and Strategy in matters of Cyber Security assurance for OCOGs, NOCs and IFs.
  • The Cyber Security Manager is focused on ensuring the delivery of the following:

  Governance

  • Ensure successful delivery and ongoing improvements from the CSSP to ensure IOC is protected from against complex and sophisticated cyber threat actors
  • Manage the CSSP to ensure all agreed controls, awareness training, policies and procedures are delivered to the expected quality including ongoing updates based on threat landscape
  • Support the delivery of the ISMS in collaboration with the Information Security manager to ensure appropriate controls and policies are in place to protect IOC data assets
  • Deliver Cyber Security awareness programme with CSSP and Information Security Manager
  • Deliver with support of 3rd party frequent and on/demand Security Penetration Testing on IOC IT services and data assets
  • Build and continually manage the cyber security organization for the IOC
  • Support the Information Security Manager in the delivery and maintenance of an organisation-wide Cyber security risk assessment, liaising with all departments of the IOC.
  • Develop and deliver with Support of the CSSP the IOC wide cyber security strategy
  • Develop, document and maintain IOC Cyber security policies, procedures and standards across the organization and monitor compliance amongst employees, contractors and other third-parties. This includes monitoring compliance.
  • Develop, explain and manage relevant lines within the IOC Security budget
  • Ensure defence in-depth cyber security architecture for IOC IT services encompassing security controls, process, procedure, and security operations capabilities are adopted through use of internal and outsourced resources (CSSP)
  • Ensure cyber risk management is delivered and maintained so that risks are identified, and appropriate mitigation actions are applied
  • Manage and where necessary delegate to CSSP all aspects of vulnerability management for the IOC IT landscape
  • Ensure IOC organisation cyber security posture is in line with business requirements and relevant threats
  • Manage and where necessary delegate internal and external security audits
  • Provide ongoing support to the Head of Strategy, Architecture and Security activities related to cyber assurance for OCOGs on cyber security best practices
  • For Artificial Intelligence related services, ensure adequate governance and assurances are carried out to ensure AI capabilities do not negatively impact the cyber security posture of the IOC and its data assets

  Training & Awareness

  • Define and deliver an IOC-wide security awareness program.
  • Support delivery of a full information and cyber security training program for all IOC staff
  • Test and measure the effectiveness of the security awareness programs with support of the CSSP

  Consulting & Advice/Assurance

  • Ensure a good relationship between IOC and CSSP, MSP in respect to governance encompassing both IOC administration and digital strategy
  • Support IOC business in the adoption of the NIST Framework for improving Infrastructure for Cybersecurity.
  • Manage new IT security needs when and where required by the IOC
  • Where necessary engage with OCOG and other 3rd parties to assist in assurance exercises in relation to cyber security

  Incident Response, Business Continuity & Crisis Management

  • Support the development, roll-out and testing of the IOC’s business continuity plans with the Information Security manager.
  • Support the training and testing of Business Continuity scenarios, with IT Security and IOC Crisis Management.

  Cyber Threat Intelligence

  • Overall responsibility for IOC’s cyber threat intelligence monitoring and response capability.
  • Support the Head of SAS the development, monitoring and vendor management for cyber threat intelligence monitoring platform with IOC specific information and keywords.
  • Ensure delivery and ongoing development of IOC cyber threat intelligence platform to ensure threat intelligence related to Olympic movement is available to key IOC stakeholders
  • Collect, analyse and collate relevant cyber threat information from various sources and disseminate to relevant stakeholders.
  • Ensure adequate cyber threat intelligence is delivered through key providers
  • Ensure the successful integration of Cyber Threat Intelligence platform to IOC security monitoring tools in collaboration of the CSSP

  Our requirements

  • Recognized experience in a corporate security setting with responsibility for cyber security programs.
  • Proven record of Cyber security related incident and crisis management.
  • Formal Cyber security qualification (CISSP, CSM and CCSP or equivalent) with experience of building an Cyber Security programme is preferred.
  • Strong Cyber Security skills for enterprise architecture including public, private and hybrid cloud platforms
  • Strong knowledge and experience in leading edge Cyber security tools and controls
  • Strong experience in engagement, management and delivery of a cyber security programme with a CSSP or equivalent
  • Strong background in both Cyber security management
  • English or French fluency, with excellent writing and speaking of the other language.
  • Excellent command of the corporate tools and ability to follow the internal user rules (Outlook, etc.).
  • Experience of the design and delivery of training is a significant advantage.
  • Proven knowledge advantageous for related standards and regulations, such as ISO/IEC 27001, 22301.
  • Experience in delivering organisation-wide security awareness programs.
  • Experience in supporting the design, implementation, managing and testing business continuity programs in a corporate environment.
  • Experience in managing corporate security related Threat Intelligence, including knowledge of relevant security monitoring tools and subscription services. Experience with Cyber Threat Intelligence is an advantage.
  • Ability to produce clear written material and communicate information in a clear and understandable manner to non-technical stakeholders and the most senior leadership of the organization.
  • Experience of operating with a high level of autonomy and the ability to manage others to ensure delivery to agreed timescales.
  • Specific physical security, event security, people security, and crisis management experience in a corporate setting are a significant advantage.

  Come and join an organisation where the spirit of inclusion, gender equality and diversity is embedded in its DNA and which focuses on what unites us – a passion for sport and its values. Work in a flexible and rewarding environment which offers competitive employee benefits and numerous incentives to live a sustainable, healthy and active life. By joining us, you become part of the Olympic Movement and help to build a better world through sport. You will have the opportunity to work with people of more than 70 nationalities.

• About the company

  Official website of the Olympic Games. Access breaking Tokyo 2020 news, plus records and video highlights from the best historic moments in global sport.

Notice