Platform Cloud Security Manager

**Title: Platform Cloud Security Manager

Reporting Into: Lakshmiprasad KK (Prasad)

Location: UK - Port Sunlight Office

Work Level : 2A
Business Context and Main Purpose of the Role**
Unilever is one of the world's leading suppliers of Food, Home, and Personal Care products with sales in over 190 countries and reaching 3.4 billion consumers a day. Unilever has more than 400 brands found in homes around the world, including Persil, Dove, Knorr, Domestos, Hellmann's, Wall's, Ben & Jerry's, Marmite, Magnum, and Lynx. Faced with the challenge of climate change and the need for human development, we want to move towards a world where everyone can live well and within the natural limits of the planet. That's why our purpose as Unilever is 'to make sustainable living commonplace'.

At Unilever, we're determined to achieve a culture where everyone can thrive, a culture where all individuals are treated fairly and respectfully, and where their uniqueness is celebrated. We're taking a holistic approach that focuses on how we can use the scale and reach of our business to have the greatest impact in our own workplace and beyond. We've set clear goals to eliminate any bias and discrimination in our policies and practices, accelerate diverse representation in our leadership, and remove barriers for people with disabilities. At the same time, we're setting out to spend more with diverse businesses and increasing representation of diverse groups in our advertising. Find out more about our commitment to equity, diversity, and inclusion on our website.

Unilever's Cyber Security organization is a multi-disciplinary team responsible for protecting the Confidentiality, Integrity and Availability of our Information and Operations. Our Cyber Security organization runs a 24x7 Security Operations Centre (SOC), oversees a robust Security Architecture and associated technology landscape, provides Cyber Security Solution Engineering and Risk Advisory to our business, and assesses the security of our vast technology estate, including factories, to name but a few areas. Cyber Security sits as part of the Business Operations organisations, as a peer to Unilever's Technology and Data functions and the broad Supply Chain agenda. Cyber Security is tasked with elevating, reporting on and influencing enterprise cyber security risk mitigation across Unilever. The Cyber Security function is made up of the Governance, Risk, Assurance, and Compliance (GRAC) team, the Tech & Ops team, the BISO teams, and the Office of the CISO.

Role Purpose
This Cloud Security Manager role is tasked with securing our Cloud systems globally. This includes cyber risk assessment covering our cloud estate, including for third parties, and representing to the IT Platform Teams our central security services, applying those services to determine gaps in the security posture and consulting on appropriate risk mitigation approaches, managing security exceptions and participating in cyber incident response where relevant. The aim will be frictionless security, enabling the business to achieve their output and uptime goals through cyber resilience and a strong cyber security culture. These activities will be conducted with a 'Risk Based' approach to help individual businesses manage cyber and cloud security risk in their area.

The position calls for an individual with strong communication and influencing skills, who can roll their sleeves up tactically to understand business operations, digital transformation, cloud, applications, information technology (IT), operational technology (OT), internet of things (IoT) and Cybersecurity. This leader will utilize her/his knowledge and experience to assist with the implementation of an effective global cyber security program that ensures the overall cyber security posture of the company is aligned with business needs and balanced to protect in the evolving threat landscape.

Role Summary
Successful candidate will be responsible for the security of our Cloud systems globally. This management position will report to the Sr. Cloud Security Lead within Platform Security and will work closely with IT Platforms and Enterprise Architecture and Engineering teams.

Key areas under this role within the Tech & Ops team include:

• Cyber security solution engineering and risk advisory for our cloud systems globally, assuring appropriate risk identification, assessment, mitigation, and reporting.
• Ensuring the deployment and running of security tooling, in conjunction with the Global Digital & Technology team.
• Securing our Cloud systems globally.
• Advising on best practices on cyber elements of business initiatives where relevant to Cloud security.
• Tailoring cyber training and awareness in alignment and partnership with the Cyber Training and Awareness Lead.
• Playing an active role in the definition and iteration of the Unilever Cyber Security transformation relevant to Cloud security.
• Continuously explore and implement cost effective measures to optimize security investment where relevant to Cloud security.
• Influencing a broad range of stakeholders in various teams across the business, including IT architects, developers and engineers, program managers, and business data owners where relevant to Cloud security.
• Maintaining and effectively directing the timely closure of security exceptions in businesses while reporting status to the Governance, Risk, Assurance and Compliance (GRAC) team.
• Providing standards and controls feedback, based on local implementation requirements to the GRAC team to help shape global policies and standards.
• Define As-Is and To-Be state for Cloud security while working in close partnership with Enterprise architecture, Security architecture and IT Platform teams.

Main Accountabilities

• Responsible for securing our Cloud systems globally.
• Responsible for advising on cyber security best practice of business initiatives hosted on Cloud.
• Responsible for playing an active role in the definition and iteration of the Unilever Cyber Security transformation where relevant to Cloud security.
• Continuously explore and implement cost effective measures to optimize security investment where relevant to Cloud security.
• Responsible for driving and tracking remediation of Cloud risk and Exceptions to Policy.
• Responsible for supporting other security engagement managers on cloud security and proposing central remediation activities where possible.
• Support the decision making related to cloud native tools with Security Architecture.
• Responsible for maintaining a security champions network for cloud.
• Work closely with security champions to implement improvements in response to assurance findings related to Cloud Platform Services.
• Responsible for working with multiple teams to facilitate decision making for critical cyber risk in the Unilever Cloud technology space.
• Responsible for working closely with Cyber Standards and Controls team to define and modify cloud related baseline controls.
• Responsible for working closely with the Security Engineering team in the deployment of new security tools and governance of existing global security tools in cloud estate.

Skills

• Excellent written and verbal communication skills and able to be understood by both technical and non-technical personnel.
• Proven ability to lead, develop, and motivate a team.
• Curiosity to learn new concepts and technology and a good attention to detail.
• Understanding of infrastructure, architecture and design.
• The ability to lead through accountability with delegated responsibilities.
• Ability to manage conflicting priorities and multiple tasks.
• Stakeholder management and interpersonal skills at both a technical and non-technical level.
• Outstanding influencing ability.
• Able to work in a collaborative environment with international team members.
• Outstanding critical reasoning and problem-solving skills – sticking to the problem until it is resolved.
• Customer-orientated, whether responding to queries or delivering new services.
• Skills in Program and Project Management.

Experience

• The role holder will have previously held a role in Cyber Security, experience in Cloud security will be a plus.
• Technical knowledge of Cloud security architecture is desirable.
• Experience with Azure cloud hosting and security best practice is a plus. A relevant certification is also a plus.
• Understanding of Google Cloud Platform.
• Proven experience in providing thought leadership, and driving a complex change agenda, and an ability to challenge the "status quo".
• Excellent strategic and operational business awareness, with a deep understanding of the key drivers, levers, issues and constraints of digital businesses.
• Experience within a customer focused environment.
• Knowledge of the applications or the technical landscape within the domain and experience of delivering Cyber Security projects to its demands.

Preferred Qualification

• Bachelor's degree in computer science, Information Technology, or Engineering.
• 12–15 years of progressive experience in cloud security and governance with direct leadership of large-scale framework rollouts.
• Proven, hands-on track record of implementing NIST SP controls across Azure, GCP, and AWS at enterprise scale.
• Demonstrable expertise operating CNAPP (Wiz) for posture evaluation, control mapping, and executive reporting.
• Experience building policy-as-code guardrails and integrating security controls into CI/CD pipelines.
• Strong cross-cultural communication skills and executive stakeholder management experience.

Behaviours
Candidates would be required to demonstrate the Unilever Standards of Leadership & live the Values through showing the following behaviors:

• Agility – Flexes leadership style and plans to meet changing situations with urgency. Learns from the past, envisions the future, has a healthy dissatisfaction with the status quo.
• Talent Catalyst – Develops and magnifies the power of people. Creates an inclusive climate, empowering everyone to be at their best. Investing in people, coaching individuals, and teams to realise their full potential. Continually inspires powerful collaboration.
• Passion for High Performance – Inspires the energy needed to win, generating intensity and focus to motivate people to deliver results at speed.