Establish and implement an ISO 27001-compliant ISMS and ensure successful ISO 14298 re-certification
In a later step, FISMA compliance will also be addressed
Serve as the central point of contact for group companies (CH, DE, US, UK) on IT and information security as well as data protection
Provide active, hands-on support and advise group IT and business units on measures to increase information and IT security on topics such as information classification, protection needs analysis, and asset management
Co-responsible for the group’s overall information and IT security regarding engineering, operations, and risk management for both on-premises and cloud environments
Identify vulnerabilities in IT/OT security and define, demand, and conceptually prepare necessary corrective and protective measures
Prepare, support, and follow up on internal and external audits: ISO 27001, ISO 14298, FISMA, and customer audits
Analyze and handle security incidents in cooperation with the external SOC partner, coordinate penetration tests, and support IT and line projects on information security matters
Design, prepare, and conduct awareness campaigns and information security training
Draft and revise policies and directives
Requirements
Degree or education in Computer Science, Business Informatics with a specialization in Information Security and/or IT Security, or relevant practical experience in information security
Further security-related certifications are a plus (e.g., CISSP, CISA, CISM, or CAS/MAS InfoSec)
At least 2–3 years of practical project experience in designing and implementing ISMS according to ISO/IEC 27001 and NIST, and experience in IT audit
Solid foundational understanding of IT security, particularly in network and cloud journeys and Cloud Security (Azure)
Familiarity with IT GRC topics such as data protection, IT risk management, and BCM (Business Continuity Management)
A connecting and communicative personality with a pragmatic hands-on mentality, analytical thinking, service and solution orientation, and a strong drive to work independently
Ability to analyze complex security-related topics and make them understandable to colleagues without a technical background
Strong personal commitment to progressively develop information security maturity within an organization and embed it in cooperation with people: proactively engage, listen, bring others along, and develop and solve together
Business-fluent written and spoken German and English are required
Tech Stack
Azure
Cloud
Benefits
An open and appreciative corporate culture characterized by respect, commitment, and reliability
A well-rehearsed team with flat hierarchies and an open communication culture
Flexible working both on-site and from home
A range of benefits that round out this exciting challenge