Heineken - Service Security Officer (Updated)


NIST, ISMA, Compliance, ISO27001

We are recruiting a Service Security Officer


Your Mission:


Sociedade Central de Cervejas e Bebidas and Novadis are entities that are part of the Portuguese Operating Company (SCC), owned by HEINEKEN.


The D&T Information Security Officer safeguards and ensures that security procedures are in place for every D&T project and the running operations for SCC, in order to control and protect the information assets being used by the organization and contribute to business continuity (e.g. avoiding IT operations disruption due to viruses and/or unprotected vulnerabilities).


Provides full support for (1) Operational IT Security in all the OpCo systems and solutions, (2) Security Strategy & Standards implementation for all IT OpCo Solutions/Applications (hardware and software), (3) Security Compliance monitoring, measurement and recommendation to comply with standards, (4) Security Incident management, resolution, reporting and recommendation in order to avoid future incidents to all OpCo’s and global solutions/areas, and (5) Roles & Authorisation Strategy & Standards for all OpCo IT solutions.


Who will you report to: D&T Director


Location: Vialonga


Your Responsibilities:

  • Advises, communicates and ensures implementation of the global security standards & procedures by the local OpCo business and D&T team.
  • Continuously assesses compliance of the OpCo versus the Information Security Standard (ISS) by testing the ISS controls as detailed in the Information Security Procedure (ISP).
  • Develops and manages the Information Security action plan to address identified risks and non-compliances.
  • Is the IT Security Advisor for the OpCo in any IT security breach or new initiative, driving investigations:
      • in case of breaches of HEINEKEN’s Code of Business Conduct;
      • if the OpCo faces any critical IT security incident or outbreak, is responsible as the local security incident lead for resolving it with the OpCo IT Managers in consultation with the Global Security Officer, IT Regional Directors and Service Line Managers.
  • Identifies and performs independent analysis to resolve complex first-time issues including the analysis of technical and economic feasibility of proposed security systems/solutions.
  • Is responsible for assisting the global security operations team with any IT technical audit (e.g. Ethical Hack) of any OpCo IT infrastructure or service that a 3rd Party offers to HEINEKEN with a valid and open contract to ensure that security policies are in place.
  • Identifies and organizes improvements in Roles & Authorizations for the OpCo systems, keeping Heineken secure.
  • Advises OpCo operations teams for security requirements (e.g. Patching, Anti-Virus, Upgrading, firewalls, VRFs, etc.).
  • Provides knowledge and expertise on IT Operational Security matters for local Service Line Managers.
  • Analyses and recommends improvements on security related monitoring and auditing activities.
  • Manages, develops, improves and assists in the annual deployment of the Security Awareness Program within the OpCos.
  • Defines, designs and deploys ongoing educational assets to improve security across the OpCo.
  • Is responsible for identifying potential risks and recommending how to prevent and/or avoid them, for inclusion in the global operational security strategy.
  • Collaborates with the regional Information Security & Risk Management Manager to understand and develop further the controls and processes required to improve information security.
  • Collaborates with P&CI to define OpCo Roles & Authorization strategy, in alignment with Audit and Global guidance.


We want you to bring:

  • Degree in Technology or Information Management
  • Certification in different IT Security topics such as CISA/CISM/CIISP/CEH/CSTA/CSTP/CFIS etc.
  • >6 years of working experience in a similar environment required.
  • Has worked with relevant market standards such as ISO 27001, COBIT and relevant laws and regulations such as privacy laws.
  • Able to work in a cross-functional environment, preferably with a background in the FMCG industry
  • Sense of business urgency and safe-cautious mind to close critical gaps and reduce any security breach
  • Flexibility to adjust to multiple demands, shifting priorities, ambiguity and rapid change
  • Knowledge about Active Directory and SAP roles concepts & design
  • Display professionalism, customer service attitude, attention to detail and quality
  • Good interpersonal skills with the ability to form effective relationships with other cultures and support peers and managers.
  • Develop self and others through continuous learning, sharing best practices, knowledge and expertise.
  • Excellent language skills in English.
  • Portuguese (fluent)



Other frameworks:


» ISMA Compliance
