Establish and implement an ISO 27001-compliant ISMS and ensure successful ISO 14298 re-certification
Serve as the central point of contact for group companies (CH, DE, US, UK) on IT and information security as well as data protection
Provide active, hands-on support and advisory services to group IT and business units on measures to increase information and IT security, for example information classification, protection-needs analysis, and asset management
Co-own the group’s overall information and IT security regarding engineering, operations, and risk management for both on-premise and cloud environments
Identify vulnerabilities in IT/OT security and define, enforce, and document necessary corrective and protective measures
Prepare, support, and follow up on internal and external audits: ISO 27001, ISO 14298, FISMA and customer audits
Analyze and handle security incidents in cooperation with the external SOC partner; coordinate penetration tests and support IT and business-line projects on information security matters
Design, prepare and deliver awareness campaigns and information security training
Create and revise policies and directives
Requirements
Degree or training in Computer Science, Business Informatics with a specialization in Information Security and/or IT Security, or equivalent practical experience in information security
Further security certifications are advantageous (e.g., CISSP, CISA, CISM or CAS/MAS in InfoSec)
At least 2–3 years of hands-on project experience in designing and implementing ISMS according to ISO/IEC 27001 and NIST, plus experience in IT auditing
Solid foundational knowledge of IT security, particularly in network and cloud journeys and cloud security (Azure)
Familiarity with IT GRC topics such as data protection, IT risk management and business continuity management (BCM)
A connecting and communicative personality with a pragmatic, hands-on mentality combined with analytical thinking, service and solution orientation, and a strong drive to work independently
Ability to analyze complex security-related topics and explain them clearly to non-technical colleagues
Strong personal commitment to steadily develop the maturity of information security within an organization and to embed it in cooperation with people: proactively engage with stakeholders, listen, involve, co-develop and solve together
Business-fluent written and spoken German and English are required
Tech Stack
Azure
Cloud
Benefits
An open and appreciative corporate culture characterized by respect, commitment and reliability
A well-coordinated team with flat hierarchies and an open communication culture
Flexible working on-site and from home
Various benefits that round off this exciting role