Security, Protection & Resilience is the core team and central driver for Information Security for our client.
The division is tasked with continuing to evolve a strong security organization, establishing global security solutions and countermeasures, and overseeing the effectiveness and guiding the implementation of security controls.
The Information Security Manager is a key role within the Security Assurance & Architecture Team. He/she is part of the function that is responsible for the effective implementation and maintenance of the Information Security Management System. Furthermore, he/she oversees the fulfilment of Information Security requirements in all services provided by our client as a shared service provider to its customers, including those provided by 3rd parties and/or outsourcing providers.
- Evaluate, recommend, develop, monitor and maintain IT security policies, procedures and systems
- Ensure that IT security architecture, controls, processes, policies and procedures are aligned with IT security standards and requirements for data protection, business continuity, IT service continuity and disaster recovery
- Serve as the central contact person for information security-related matters, including interfaces to business, partners, customers and other safeguarding functions; promote knowledge and awareness of our client's security requirements and processes
- Control the implementation of and compliance with Group-wide standards, regulatory requirements and industry security standards within the organization, its services and in projects
- Ensure the implementation of Information Security principles and procedures during the full life cycle of services offered by the company and its external providers (e.g. Cloud services); systematically assess the effectiveness of security controls
- Develop security guidelines and directives
- Security Risk Management, including supporting the life cycle of security risk assessments, assessing and addressing deviations from security policies, guidelines and contractually agreed provisions; develop effective strategies to mitigate identified information security risks
- University degree (primarily in computer science, business informatics or natural sciences), or equivalent professional experience
- Long track record of experience in IT; 5+ years of experience in Information Security related fields; sound knowledge of IT security technology, architecture and processes and profound knowledge of information security management systems and relevant industry standards (in particular ISO270xx, COBIT5)
- Practical experience with provider management (including Cloud providers), IT outsourcing and related control frameworks
- Project management and/or basic leadership experience, ability to cope with a high workload, and ability to exercise good levels of independence, judgement and initiative
- Proficient in German, excellent international communication skills including the ability to prepare professional documentation and presentations for various audiences and senior management
- Competence to exchange complex information with diplomatic tact and to cooperate with a diverse internal and external audience
- Ability to carry out tasks independently in non-standardized (ever-changing) work situations