Information Security Officer
ST Microelectronics (Malta) Ltd
• The purpose of the job is to ensure that the ST information security framework is deployed,
with the objectives that information security risks are known and managed appropriately.
• The risks considered are those affecting the Confidentiality, Integrity and Availability of
Company data hosted on computer systems (servers, PCs, mobiles, IT applications, SaaS…)
and the cyber-attacks against industrial devices used for Company business.
• Perform regular reviews to detect gaps at the site vs. InfoSec framework
• Build and maintain the site InfoSec risks log, taking inputs from audits, site InfoSec reviews,
requests from departments at the site, requests from Central InfoSec, site InfoSec survey,
incident or anomalies
• Run the site InfoSec survey organized by Central InfoSec, ensuring complete, accurate and
timely response
• Ensure security in local IT solutions / industrial solutions, site services (such as physical
security, facilities and canteen systems), labs and warehouses
• Ensure that site services follow the security procedures (security in contracts, connection to ST
network, security for cloud services…)
• Provide the required infosec support to achieve the above objectives
• Promote InfoSec awareness campaigns and materials within the site, leveraging upon the
initiatives at company level from Central InfoSec
• Pro-actively propose initiatives to raise InfoSec awareness and, after agreement with Central
InfoSec, deploy them within the site
• Promote within the site the need to report InfoSec incident or anomaly using the right reporting
channel
• Use all opportunities to raise InfoSec awareness through the communication channels
available at the site
Qualifications
• A degree in Computer Science / Computer Engineering / Information Technology
• Ability to cover the entire scope of information security
• Expertise in several domains of cyber security (such as network, system, application, incident
management, awareness, vulnerability management, audit and risk assessment…)
• Experience in delivering security training and briefing sessions with management
• Ability to interact with people at all levels of the organization
• Excellent facilitation, communication and influence skills
• Ability to treat several topics in parallel, to "clarify the unknown", to translate technical aspects
into risks and to communicate on those risks
• Ability to consider short-term as well as longer term actions and to anticipate.
• Trustworthy and Rigorous.
• High level of autonomy and pro-activity