Operationalization of Information Security Management System (ISMS) guidelines, in particular the representation of guidelines in organizational and technical security processes and controls.
- Advising and supporting specialist departments in the development of domain-specific guidelines, standards, procedures and processes.
- Support in the definition, planning and implementation of concrete protective measures in areas in line with guidelines and for general information security issues
- Checking and monitoring compliance with security standards in specialist departments, IT and partners
- Supporting and monitoring the departments concerned in implementing measures arising from audit findings
- Supporting the CISO in areas such as security operations, cyber-risks and intelligence, threat and risk analysis, protection against data loss and fraud, security architecture and governance.
- Regular monitoring and compliance reporting
- Monitoring implementation of risk management plans in specialized areas
- Carrying out and supporting information security assessments and reviews
- Support in the development of Key Performance Indicators (KPIs) relating to compliance and effectiveness of information security controls, and ensure reporting to various stakeholders
Requirements
- Further training or certification in the field of information security (e.g. as a Certified Information Systems Security Professional (CISSP), Certified Information System Auditor (CISA) or Certified Information Security Manager (CISM)).
- At least 2 years’ professional experience in information security or IT security.
- Competence in implementing technical and organizational security requirements such as hardening, vulnerability management, BCM, incident management and security monitoring.
- Good, rapid comprehension skills (recognizing complex relationships and drawing the right conclusions)
- Resilient and assertive personality with an independent working method
- Good knowledge of InfoSec standards (ISO 2700x, NIST, CIS, etc.)
- Very good command of written and spoken German
- Ideally, complete files are required
- CAS in information security, computer science or equivalent training