Information Sec. Officer - Architecture

Objective of the position 

The Regional Information Security Architect (RISA) ensures that the processes, tools and changes (e.g. via projects) in the organization are aligned with the protection needs of our information and business-critical processes to prevently limit the potential damage in case of cyber-attacks and security-incidents. He/she ensures a company-wide secure implementation and thus the protection of our information assets across all areas and reports to the CISO.

Principal Activities:

• Act as internal and external contact person within his/her own area of expertise (e.g., act as process interface between ISC und CISO for parts of information security subjects);Cooperate in internal working groups (e.g., as an advisory function)
• Create internal publications (e.g., internal policies as required by ISO/IEC-27001 / TISAX, directive on the use of cryptographic measures, etc.) and support external publications (e.g., in professional journals or at professional meetings, etc.) and present (internal)
• Recognize general need for continuing education in his/her own field within the company; plan and conduct internal and external training on complex topics, both domestically and in other countries (e.g., design and conduct awareness trainings, etc.)
• Support in determining and optimizing internal standards and complex processes within his/her own area of expertise (e.g., analyzing and optimizing existing processes/directives, identify improvement potentials and risks according to technical developments and interactions with corporate security, functional units, internal instructions, etc.)
• Observe/identify trends in his/her area of expertise in order to develop concepts (e.g., public/private cloud, etc.); suggest recommendations for action (e.g., conduct market analysis on risks and/or security architecture, suggest technical secure further development, etc.)
• Conduct mainly conceptual activities within his/her area of expertise (e.g., development/ preparation of directives and standards for information security) taking into account applicable requirements (e.g., laws, internal/external regulations, ISO/IEC-27001, TISAX etc.)
• Consult in further development of one or more sub-areas of enterprise-wide information security in coordination with the CISO (e.g., working out concepts and initiating measures for improving information security)
• Design the policies and processes within information security (e.g., risk management, incident management, etc.) aligned with applicable corporate and group standards (e.g., classifying and processing risks within the Risk2Value process, internal audits according to definition, requirement from ISO/IEC-27001, TISAX, etc.)
• Design the applicable information security requirements and introducing necessary measures (e.g., design a KPI reporting/conduct risks and/or SWAT analysis, analyzing threats and/or vulnerabilities, etc.)
• Design of documentation (e.g., directives, instructions, training material, applicable documents, etc.) and ensure maintenance
• If necessary, manage projects with internal and external project teams (e.g., internal audits or assessments, external audits such as TISAX, ISO/IEC-27001)
• Capture, coordinate, address and solving of general information security tasks (e.g., risks, reports, supplier incidents, Violations, lessons learned, etc.)
• Creating a risk profile for project for projects and assets and their impact on areas of information security

Requirements:

Professional career:

• IT, Telematics, Software engineer or related

Relevant experience: 

• Experience with ISO27X series and TISAX 3-5 years
• Experience on audits as auditee and auditor 3-5 years
• Experience on global projects 3-5 years
• Experience with IT-OT/Cybersecurity 3-5 years

Technical knowledge:

• Information Security Management System
• ISO27x series standards and TISAX framework
• Information security and IT-OT/cybersecurity available
• Ability to challenge processes & projects for Information Security riskS
• Cyber security architectures and state of the art solutions
• Manage audits as auditee and auditor
• Project management skills
• Automotive knowledge

Languages:

• English Advanced Level

¡Continue with your professional development and apply now!