Purpose of the Job:
- The Group Information Security Officer is responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected.
- Their primary role is to ensure that data, in any format, is protected from threats that could compromise its confidentiality, integrity, or availability.
- You will be responsible for identifying, developing, implementing, and maintaining processes across the organization to reduce information and technology risks.
- You will also be required to respond to incidents, establish appropriate standards and controls, manage security technologies, and direct the establishment and implementation of policies and procedures.
- The Group Information Security Office will also be responsible for group-level quality and compliance, ensuring local regulations are met and that we gain/maintain certifications such as ISO27001, ISO9001, ISO14001, ISO50001 and SOC2.
- The ideal candidate for this position will have a strong background in information security, IT risk management, and a thorough understanding of information technology and security trends.
Their duties and responsibilities include:
- Establishing and implementing a strategic, comprehensive enterprise information security and IT risk management program
- Working directly with the business units to facilitate risk assessment and risk management processes
- Developing and managing a virtual team to implement the strategy for enterprise security
- Identifying, developing and implementing information security policies, standards, procedures and guidelines
- Coordinating with technology and business groups to assess, implement, and monitor IT-related security risks/hazards
- Overseeing incident response planning and the investigation of security breaches, and assisting with disciplinary and legal matters associated with such breaches
- Providing regular reporting on the current status of the information security program to senior business leaders and the board of directors
- Ensuring compliance with the changing laws and applicable regulations
- Identifying potential threats and vulnerabilities to the organization’s information systems through ongoing monitoring and assessment
- Overseeing the development and implementation of security awareness training programs
- Establishing standards frameworks and supporting processes to adhere to the specified certifications
- Coordinating with ISO and SOC2 assessors and planning pre-audit and audit checks, ensuring all remedial points are addressed
Qualification and Experience Requirements:
- Proven experience as an Information Security Officer or in a similar-level information security role
- Experience with IT risk management, threat modelling, and design reviews
- Proficiency in information security domains, including policies and procedures, risk management, compliance, and incident response
- Familiarity with security and other quality frameworks (ISO 27001, ISO14001, ISO50001, NIST, CIS, etc.)
- Ability to manage and coordinate a virtual information security team
- Excellent written and verbal communication skills (in German and English)
- Ability to adapt to changing priorities and technologies
- BSc/MSc degree in Computer Science, Information Technology or a related field
- Certifications such as CISSP, CISM or CISA preferred