Security Risk Manager
Posted on Oct 25, 2020 by Red - The Global SAP Solutions Provider
RED's brand-new client is a global manufacturing company headquartered in Switzerland.
You will be joining a recently created information security and risk management team accountable for the design and implementation of this global leader's security strategy and program.
You will work with our teams in different locations and develop and grow a professional career in an exciting, challenging, and international environment.
You will have a high level of influence where you can make a difference and leave your footprint.
Job Title: Information Security Manager
Type: Permanent Job
Language: Fluent English and German
-Analyse impact of new technologies, information security laws and regulations.
-Assess information security controls and risks and drive risk remediation with risk owners.
-Maintain the information security risk and issues registers and run information risk committees.
-Define risks and vulnerability mitigation strategies
-Coordinate penetration testing, vulnerability scanning and risk reporting for our projects.
-Perform audits and assessments of service providers, document and track risks to closure.
-Perform security categorization of systems with owners.
-Further develop and implement the Information Security Framework (ISF).
-Give guidance and take accountability for daily business compliance with the ISF.
-Design and deliver the security education training awareness program (SETA).
-Participate in design and perform internal audits of business compliance with the ISF.
-Support IT and business stakeholders in internal or external audits.
-Respond to information security incidents and report in a timely manner to relevant stakeholders.
-University Degree in Information Security, IT or equivalent
-Desirable: Professional information security certification or associate level membership such as CISSP, CISM or ISO 27001 auditor/practitioner.
-Desirable: Professional information system, risk or audit certifications such as CIA/CISA/CRISC.
-Professional work experience, preferably in information technology, information or data management or in other technology related roles.
-Experience with Information Security Risk Management.
-You are confident and able to communicate why security is a business enabler.
-You have working knowledge of information security standards such as NIST and ISO 27001.
-You are able to drive business awareness and comfortably explain the connection between data protection regulations such as the General Data Protection Regulation and information security and risk management.
-Beneficial if you have knowledge of GXP, CSV
-You are resilient, self-reliant/self-motivated and proactive, with a high degree of accountability, and you have excellent operating skills in a dynamic team environment.
-You are a strong communicator: presentation and training, relationship management, consultation, negotiation.
-You have a high level of personal integrity and the ability to handle confidential matters professionally, and you convince through an appropriate level of judgment and maturity.
-You have the ability to work in a matrix and geographically dispersed organization.