The Security Director for the EMEA region will be an individual with experience working at country or regional level with core skills in security and risk management. They will be motivated and able to work with little direction and able to set their own agenda for day to day work. Networking and collaboration will also be strong competencies and liaising with the directors in APAC and AMERS is essential in order to achieve global alignment (there is no Global Security lead).
Security services are delivered through an outsourced model and therefore managing contacts and a partnership style relationship with our suppliers for manned guarding, travel security, site security equipment and incident management are key to success in this role.
The position reports up through Global Real Estate
ELEMENTS COMMON TO ALL WORK STREAMS/PROGRAMMES
- To create strong, open and direct relationships with senior stakeholders to support growth. This includes senior business leaders, HR, Corporate Communications, Information Technology (including Information Security), site representatives, Editorial Safety & Security.
- Build rapport with them through regular communications and interaction. Understand the key business drivers and strategy of Thomson Reuters.
- Add value to business units by strong delivery of risk and security services and advice so they can achieve their objectives, generate growth and create competitive advantage through audit and compliance alignment and readiness activities, particularly at audit-liable data centres.
- Build a healthy partnership with the Integrated Facilities Management providers. The partnership approach should be a mutually satisfactory business arrangement where agreed joint goals and objectives are achieved. The management and development of the vendor staff is specifically the responsibility of the vendor parent company
GLOBAL SECURITY OPERATIONS CENTRE
- A new GSOC is being created in the US. The role will assist the AMERS Security Director to set this up and bring it to full maturity.
INCIDENT MANAGEMENT & EMERGENCY RESPONSE
- To provide professional expertise and management of the incident management programme, including leading the production of plans, training and exercising
- Enable support and direction on all aspects of incident management and emergency response to business functions to ensure consistent application and link with other resilience programs (business continuity, disaster recovery, information security) in the business. Promote and disseminate best practice in resilience management across the organization.
- To represent the organization externally and develop the business reputation for incident management
- Take the lead when a significant incident occurs that requires an incident management team to be stood up
- Ensure that emergency/incident communications for Thomson Reuters’ businesses and leadership is provided in the region. This includes SITREPS / SPOTREPS on the environment, developing scenarios or on real time incidents specifically impacting our business.
- Ensure that the business receives business support and situational awareness to mitigate risks and facilitates the business operation. This will be mostly provided by GSOC but the role should be well grounded on the geopolitical environment and events that could affect our business
- Manage the situational awareness process from the initial point: detect-assess-respond-escalate to support where required (incident management, travel security).
TRAVEL & EVENT SECURITY
- Drive the travel security program in partnership with vendors and GSOC to ensure that the business receives appropriate support and advice before, during and after business travels (medical, safety and security).
- Develop and enhance a framework for the travel security programme including security escorts for high risk countries where appropriate
- Ensure that bespoke travel Support is provided, e.g. through travel security assessments and intelligence products for any staff travelling to high risk countries
- Provide risk assessments and on-site support if required for major company events
- Maintain records of what is installed at TR facilities in terms of access control, CCTV and other physical security technology. Oversee the planning of upgrades, renewals and projects
- Work to bring the ACS aspects into an enterprise solution based on C-Cure 9000, the company standard for ACS
- Maintain appropriate standards for data privacy by ensuring policy is adhered to and adjusted when regulations change
- Work with FM to use security access data to enable us to make most efficient use of our facilities and any consolidation projects or new sites
- Oversee and review the use of manned guarding in conjunction with security technology to deliver appropriately secure work facilities
AUDITS & CLIENT ASSURANCE
- Manage the process of audit readiness and hosting of audit teams to sites that are certified
- Provide responses to external client requests for due diligence
- Align dedicated global programs and audit activities.
- Be knowledgeable of the contract and service deliverables as well as the charging mechanism agreed.
- Analysis of monthly and quarterly metrics in order to ensure service delivery and to make improvements
- The day to day security operations, particularly for electronic security and manned guarding are the responsibility of the third party firm and should need only light touch attention
- Develop and manage the global assurance programme and conduct high level assurance reviews of key business processes.
- Identify opportunities for cost reduction. Monitor vendor CAPEX initiatives and review business cases for CAPEX for security installations
- Working with sourcing for the selection of vendors for delivery of security infrastructure projects or services
- Thoughtful management of services to ensure resources are used as effectively and cost efficiently as possible
- Give briefings to senior leaders on the risks and threats to the business and the mitigations available to reduce the risk to acceptable levels. Understand and help the business set it’s appetite for risk.
- Develop strong relations with GSOC, other global security team members and across security hubs.
PROCEDURES & TRAINING
- Support vendors in the development and implementation/maintenance of appropriately scaled procedures for the function. This to include training staff, updating, rehearsal, practice and exercising. Full after action reviews following training or real-time incident response.
- Coaching of staff and key stakeholder groups in incident response; plan development and associated
- Take best practice from elsewhere including professional bodies and institutes and use it to support Thomson Reuters, balancing excellence with cost effectiveness and the realities of what is financially possible in terms of resilience and security provision
EXPERIENCE, SKILLS & PERSONAL ATTRIBUTES
- Security Experience; risk and security management at major firm or country level essential. Experience above country level desirable
- Incident management; demonstrable experience of incident management; risk assessment, business impact assessment, plan production, delivery of training, managing real incidents – essential. Desirable – knowledge of or accreditation in BS25999(BCM), BS 31100 (Risk Management), PAS 200 (Crisis Management – Guidance & Good Practice), ISO 27001, SOC audits (Information Security Standard).
- Judgement & analysis; ability to analyse data and make sound decisions. Able to stay calm, focussed and positive during a crisis situation, look at the available information and make judgement calls under pressure. Able to adjust priorities in rapidly changing circumstances whilst maintaining focus on the key deliverables. Able to take in large amounts of information, sift, discard and retain the key elements. A willingness to challenge the headlines or accepted status quo if the facts indicate a different picture.
- Communications; strong communicator – written, presentations and ad-hoc verbal briefings, in particular the ability to write well. Comfortable briefing senior business managers and groups. Ability to generate trust and rapport with key stakeholders across the business and buy-in from others to new ideas through influence and assertiveness.
- Resource Management; management of data, budget, contracts and time.
- Leadership and People management; experience of employee and vendor personnel management essential. High level of personal initiative, motivation and integrity essential. Experience of change management and team leadership highly desirable.
- Flexibility and Travel; ability to respond outside routine hours. Travel – be prepared for 15 to 20% of time.
- Education; Honours degree or equivalent diploma essential. Masters degree desirable
At Thomson Reuters, we believe what we do matters. We are passionate about our work, inspired by the impact it has on our business and our customers. As a team, we believe in winning as one - collaborating to reach shared goals, and developing through challenging and meaningful experiences. With more than 45,000 employees in more than 100 countries, we work flexibly across boundaries and realize innovations that help shape industries around the world. Making this happen is a dynamic, evolving process, and we count on each employee to be a catalyst in driving our performance - and their own.
As a global business, we rely on diversity of culture and thought to deliver on our goals. To ensure we can do that, we seek talented, qualified employees in all our operations around the world regardless of race, color, sex/gender, including pregnancy, gender identity and expression, national origin, religion, sexual orientation, disability, age, marital status, citizen status, veteran status, or any other protected classification under country or local law. Thomson Reuters is proud to be an Equal Employment Opportunity/Affirmative Action Employer providing a drug-free workplace.
Intrigued by a challenge as large and fascinating as the world itself? Come join us.
To learn more about what we offer, please visit thomsonreuters.com/careers.
More information about Thomson Reuters can be found on thomsonreuters.com.