Purpose of the Job:
– The Group Information Security Officer is responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected.
– Their primary role is to ensure that data, in any format, is protected from threats that could compromise its confidentiality, integrity, or availability.
– You will be responsible for identifying, developing, implementing, and maintaining processes across the organization to reduce information and technology risks.
– You will also be required to respond to incidents, establish appropriate standards and controls, manage security technologies, and direct the establishment and implementation of policies and procedures.
– The Group Information Security Office will also be responsible for group-level quality and compliance, ensuring local regulations are met and that we gain/maintain certifications such as ISO27001, ISO9001, ISO14001, ISO50001 and SOC2.
– The ideal candidate for this position will have a strong background in information security, IT risk management, and a thorough understanding of information technology and security trends.
Their duties and responsibilities include:
– Establishing and implementing a strategic, comprehensive enterprise information security and IT risk management program
– Working directly with the business units to facilitate risk assessment and risk management processes
– Developing and managing a virtual team to implement the strategy for enterprise security
– Identifying, developing and implementing information security policies, standards, procedures and guidelines
– Coordinating with technology and business groups to assess, implement, and monitor IT-related security risks/hazards
– Overseeing incident response planning and the investigation of security breaches, and assisting with disciplinary and legal matters associated with such breaches
– Providing regular reporting on the current status of the information security program to senior business leaders and the board of directors
– Ensuring compliance with the changing laws and applicable regulations
– Identifying potential threats and vulnerabilities to the organization’s information systems through ongoing monitoring and assessment
– Overseeing the development and implementation of security awareness training programs
– Establishing standards frameworks and supporting processes to adhere to specified certifications
– Coordinating with ISO and SOC2 assessors and planning pre-audit and audit checks, ensuring all remedial points are addressed.
Qualification and Experience Requirements
– Proven experience as an Information Security Officer or similar level information security role
– Experience with IT risk management, threat modelling, and design reviews
– Proficiency in information security domains, including policies and procedures, risk management, compliance, and incident response
– Familiarity with security and other quality frameworks (ISO 27001, ISO14001, ISO50001, NIST, CIS, etc.)
– Ability to manage and coordinate a virtual information security team
– Excellent written and verbal communication skills (in German and English)
– Ability to adapt to changing priorities and technologies
– BSc/MSc degree in Computer Science, Information Technology or a related field
– Certifications such as CISSP, CISM or CISA preferred