Information Security Officer

We are looking for an information security officer who is able to take a proactive role in the management of information security risks. The ideal candidate should have a deep understanding of IT security and compliance methods,industry standards,and be proactive in adopting and implementing security practices and processes. Additionally,the candidate must be committed to staying up-to-date with security trends and advancements,and identifying opportunities for new initiatives that can lead to further enhancements.

In our organization all business units are responsible for ensuring the security of our IT-environment. As a member of the Security Consultancy & Assurance team, you will be focussing on the Group IT department. As a team, our biggest challenge lies in verifying and reviewing technical measures to ensure their correct implementation, while also providing advice and support to the devops teams. We must balance residual risk with the necessary measures and assist product owners and their teams in making informed decisions and supporting them in discussions with the Risk Management department. Our ongoing challenge is to optimize IT security procedures and processes, automate as much as possible to increase quality and reduce manual procedures.

Your responsibilities include:
• Advising a wide variety of stakeholders (devops teams, management teams, contract managers, project managers, etc.) technically, content, and process-wise on how to implement the required security measures and minimise the risks within their domain. • Working with the Security Consultancy & Assurance team on a wide variety of security and compliance tasks, e.g. periodic control tracking with the Group IT departments, regulatory compliance reporting, reviewing security documentation, deep-dive asset reviews, threat modelling, provide IT security training and coaching, interpret vulnerabilities and security incidents on impact for services, supply chain security, etc • cooperation with the devops infrastructure and application teams, Risk Management, as well as other security disciplines like our own Security Operation Center and Defensive security teams, to proactively identify the appropriate security measures and support devops teams to implement them.
 

The Security Consultancy & Assurance team is a well-balanced team in experience, background, age and a variety of skills, with intensive daily interaction, cooperation and supporting each other on difficult topics. We are very keen on keeping our environment secure and safe, continuous learning by coaching on the job and by training and education. And very important: having a lot of fun in working together and having regular team drinks, online pubquizes and social activities like a beach clean-up!

• Concise and eye for detail while keeping the overall picture and goal in mind • Clear communication style and being able to cooperate with people with various backgrounds
• You are a team player: you are supportive and flexible in picking up tasks when priorities change
• You are aware of your strengths and improvement areas and are consciously working on your personal development. In order to keep learning, you like to stay up-to-date with the latest developments within the security field. Skilled and experienced (+3 years) in IT and IT security, preferably educated as Bachelor or Master degree in IT (or other technical and/or security oriented study). Being SSCP or CISSP certified is an advantage. Security knowledge on applications, SAP and /or cloud is preferred.
 
 

•    25 Vacation days + 0.5 bonus day per quarter if you have remained fit and healthy (read: do not report sick);
•    Travel allowance 21 cents / kilometer or full public transport reimbursement;
•    E-learning portal with (almost) all IT training and education that you can propose;
•    50 euros for medical expenses (you can count gross on top of your salary).