Offer published on 2025-10-07
IT/IS Security Manager
- Location: Colombo, Sri Lanka
- Contract Type: Regular
Job Description
MISSION
Acts as the primary point of contact for all IT/IS security-related aspects of application and business systems within their entity, and ensures alignment with the management team on the implementation of, and adherence to, security rules and practices in order to minimize the related risks.
KEY EXPECTED DELIVERABLES:
- The roadmap for the area of responsibility is developed, updated, and communicated to stakeholders in alignment with the orientations and objectives set by the group security team.
- Collaborates with DCTI/SSI to define the security roadmap for their entity, communicates it, and supports its adoption.
- Security requirements are integrated into projects and day-to-day operations of business and technical teams, including maintaining the security posture of infrastructures and solutions, managing obsolescence, and handling risks.
- Provides the necessary support to project teams and day-to-day operations to ensure security requirements are effectively implemented (e.g., action plan follow-ups after penetration tests, MGSR).
- Deploys the "Security by Design" approach within their entity and contributes to security education and training.
- Participates in the security representatives network across entities and monitors various ad-hoc topics initiated by the group security team.
- Ensures technology and innovation watch for security aspects specific to their entity, aligned with the entity’s needs and prescriptions (non-specific aspects are managed by other entities).
- Conducts and provides initial support for risk analyses for the application scope of their entity, contributing to vulnerability detection and remediation (e.g., EBIOS analysis, vulnerability scans, patch forums).
- Promotes and disseminates security best practices and guidelines, including managing a network of security contacts/participants within their entity.
- Acts as the backup for the Technical Team Lead.
- Co-organizes and co-leads security/technical workshops and the DevOps network for the R&D Domain.
- Verification actions and the capitalization of best practices from the field are conducted.
- Contributes to the development of personnel in their entity on security-related aspects.
- Consolidates various security reports to provide clearer status updates to project teams.
EXTERNAL CANDIDATE PROFILE
- Bachelor's Degree in Computer Science, Information Technology or equivalent from a recognized university.
- 4 - 5 years of experience in information systems security.
- Strong understanding of security frameworks and best practices.
- Experience with security assessment tools, intrusion detection/prevention systems, and network monitoring.
- Excellent analytical and problem-solving skills.
- Strong communication and interpersonal skills to effectively work with technical and non-technical stakeholders.
- Relevant certifications such as CISSP, CISM, or CISA would be preferred.
Michelin’s Global IT team based at Orion City, Colombo includes over 100 authentic and industrious achievers from different backgrounds. This role collaborates closely with team members, senior management, and a variety of stakeholders in Michelin group entities.
Michelin Lanka is an equal opportunity employer and is committed to a diverse and inclusive workplace. Non-discrimination is a non-negotiable cornerstone of Michelin's diversity and inclusion policy.