Head of IT Sec AS Attack Surface Mgmt

Job Description

About our opportunity We are part of the global CIO function tasked to deliver world-class built-in security in Ericsson. Our 100+ employees organization is global with the main hubs located in Sweden (HQ), India, USA, and the Philippines. We are inviting the application for Head of IT Sec AS Attack Surface Management. In this role, you will have the chance to be part of a passionate global team dedicated to fulfilling Ericsson s emerging journey building a strong, resilient, purposed and sustainable IT Security capability. Mandated to protect our company assets from emerging threats and risks, you will together with your colleagues lead the way to develop the future IT Security concepts and technology roadmaps in Ericsson You will Define and execute the enterprise-wide strategy for attack surface management aligned with the broader cybersecurity roadmap. Build and lead a high-performing ASM team covering asset discovery, vulnerability management, cloud security, penetration testing, and red teaming. Partner with business, IT, DevOps, and architecture teams to embed ASM principles in solution design and lifecycle. Oversee continuous asset discovery and inventory (including shadow IT, rogue systems, and exposed services). Manage vulnerability identification, classification, prioritization, and remediation across infrastructure, applications, and cloud environments. Lead API and third-party attack surface monitoring and ensure proactive risk reduction. Drive adoption of ASM platforms, exposure management tools, and threat intelligence integrations. Define KPIs, KRIs, and reporting for ASM effectiveness and risk posture across business units. Ensure alignment with security frameworks (e.g., NIST CSF, ISO 27001, MITRE ATT&CK) and regulatory compliance. Lead red/purple team exercises to validate security posture and feed improvements into the ASM program. Drive coordination with vulnerability management, SOC, architecture, DevSecOps, and compliance teams. Continuously evaluate ASM capabilities through tabletop exercises and exposure simulations. The Skills You Bring: Bachelor s or master s degree in computer science, Information Security, or related field. 10+ years in cybersecurity with at least 4 years in a leadership role managing attack surface or vulnerability management programs. Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or equivalent. Proven experience in managing hybrid IT environments including cloud (AWS, Azure, GCP), SaaS, and on-premises assets. Expertise in tools such as ASM platforms (e.g., CyCognito, Randori, Microsoft Defender ASM), VM platforms (Tenable, Crowdstrike, Qualys, Rapid7), and API security tools. Deep understanding of cloud security controls, CI/CD pipelines, external threat modeling, and exposure management. Familiarity with MITRE ATT&CK, NIST 800-53/CSF, OWASP Top 10, CIS Benchmarks. Strong leadership, stakeholder management, and team development skills. Ability to communicate technical risks and attack surface exposures in business language to executives and board members. Excellent leadership and people management skills, with the ability to inspire and guide a team of security professionals. Why join Ericsson? What happens once you apply? Primary country and city: India (IN) || Gurgaon Req ID: 768823