About ARLANXEO
We are one of the world's largest producers of synthetic rubber. We develop, produce and market high-performance rubbers that are used in a wide variety of applications.
You probably use synthetic rubbers in your daily life without noticing it. For the trip to work and back home, you need rubber in the tires of your car or bicycle. When you shower, there is a rubber seal in your faucet. When you open the refrigerator, the rubber seals make sure the door closes properly and the cold stays inside. Besides these more "traditional" applications, our synthetic rubber is also used in batteries for electric cars, in windmills and in solar modules.
As one of the main players in the rubber industry, ARLANXEO recognizes that we must examine every phase in the life of our rubber products in order to reduce their ecological footprint. Find out how you can make a difference at ARLANXEO.
Key Responsibilities:
* Facilitates an information security governance structure through the implementation of a hierarchical governance program, including the formation of an information security steering committee or advisory board
* Provides regular reporting on the current status of the information security program to enterprise risk teams, senior business leaders and the board of directors as part of a strategic enterprise risk management program, thus supporting business outcomes
* Develops, socializes and coordinates approval and implementation of security policies
* Works with the vendor management office to ensure that information security requirements are included in contracts by liaising with vendor management and procurement organizations
* Directs the creation of a targeted information security awareness training program for all employees, contractors and approved system users, and establishes metrics to measure the effectiveness of this security training program for the different audiences
* Understands and interacts with related disciplines, either directly or through committees, to ensure the consistent application of policies and standards across all technology projects, systems and services, including privacy, risk management, compliance and business continuity management
* Provides clear risk mitigating directives for projects with components in IT, including the mandatory application of controls
* Embeds cyber judgement across a decentralized or distributed decision-making model
* Leads the security champion program to mobilize employees in all locations
* Leads the information security function across the company to ensure consistent and high-quality information security management in support of the business goals
* Determines the information security approach and operating model in consultation with stakeholders and aligned with the risk management approach and compliance monitoring of non-digital risk areas
* Manages the budget for the information security function, monitoring and reporting discrepancies
* Manages the cost-efficient information security organization, consisting of direct reports and dotted line reports (such as individuals in business continuity and IT operations). This includes hiring (and conducting background checks), training, staff development, performance management and annual performance reviews
* Develops an information security vision and strategy that is aligned to organizational priorities and enables and facilitates the organization's business objectives, and ensures senior stakeholder buy-in and mandate
* Develops, implements and monitors a strategic, comprehensive information security program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy and recovery of information assets owned, controlled and/or processed by the organization
* Assists with the identification of non-IT managed IT services in use ("citizen IT") and facilitates a corporate IT onboarding program to bring these services into the scope of the IT function, and apply standard controls and rigor to these services; where this is not possible, ensures that risk is reduced to the appropriate levels and ownership of this information security risk is clear
* Works effectively with business units to facilitate information security risk assessment and risk management processes, and empowers them to own and accept the level of risk they deem appropriate for their specific risk appetite
* Develops and enhances an up-to-date information security management framework based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework and Saudi Aramco Framework SACS-021.
* Creates and manages a unified and flexible, risk-based control framework to integrate and normalize the wide variety and ever-changing requirements resulting from global laws, standards and regulations
* Develops and maintains a document framework of continuously up-to-date information security policies, standards and guidelines. Oversees the approval and publication of these information security policies and practices
* Creates a framework for roles and responsibilities with regard to information ownership, classification, accountability and protection of information assets
* Facilitates a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitates appropriate resource allocation, increases the maturity of information security, and reviews it with stakeholders at the executive and board levels
* Creates a risk-based process for the assessment and mitigation of any information security risk in the ecosystem consisting of supply chain partners, vendors, consumers and any other third parties
* Works with the compliance staff to ensure that all information owned, collected or controlled by or on behalf of the company is processed and stored in accordance with applicable laws and other global regulatory requirements, such as data privacy
* Collaborates and liaises with the data privacy officer to ensure that data privacy requirements are included where applicable
* Defines and facilitates the processes for information security risk and for legal and regulatory assessments, including the reporting and oversight of treatment efforts to address negative findings
* Ensures that security is embedded in the project delivery process by providing the appropriate information security policies, practices and guidelines
* Oversees technology dependencies outside of direct organizational control. This includes reviewing contracts and the creation of alternatives for managing risk
* Manages and contains information security incidents and events to protect corporate IT assets, intellectual property, regulated data and the company's reputation
* Monitors the external threat environment for emerging threats, and advises relevant stakeholders on the appropriate courses of action
* Develops and oversees effective disaster recovery policies and standards to align with the enterprise business continuity management (BCM) program goals, with the realization that components supporting primary business processes may be outside the corporate perimeter
* Coordinates the development and implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event; provides direction, support and in-house consulting in these areas
* Facilitates and supports the development of asset inventories, including information assets in cloud services and in other parties in the organization's ecosystem
* Proven leadership experience managing a high-performing Security Operations team in a complex or large-scale ICT environment.
* Familiarity with systems maintenance, enterprise architecture, certification and accreditation, and ICT engineering processes.
* Strong interpersonal skills, analytical and problem-solving abilities, and organizational skills. You motivate your team to achieve outstanding outcomes, and your consultative approach means that your clients value your guidance and advice.
* Excellent communication skills, together with the ability to develop, coach and mentor others to further the professional development of the team.
* You will be an experienced cyber security professional with a background in Security Operations Centre operations, integrated security service delivery, security engineering or Governance, Risk and Compliance activities.
* Ability to communicate with and coordinate the activities of others.
* Manage and execute smaller projects in the Security Operations domain
* Lead the Security Operations team with several security experts
Education / Qualification:
* Bachelor’s degree in Computer Science or equivalent
* A recognized information security certification (CISSP) is required
* Recognized information security certifications, such as Cisco certifications, are preferred
Experience needed:
* 10+ years' experience with information security and risk management
* Demonstrated experience and success in senior leadership roles in risk management, information security, and IT and OT security
* Degree in Business Administration or a technology-related field, or equivalent work- or education-related experience
* Experience in IT New Service Delivery & Support (ITIL), preferably in securing the service development life cycle and outsourced suppliers
* Experience designing secure networks, systems and application architectures
* Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels, ranging from board members to technical specialists
* Strong knowledge of IT Governance, Risk & Control frameworks, specifically NIST including 800-53, ISO/IEC 27001, COBIT and risk methodologies (IRAM)
* Excellent analytical skills, the ability to manage multiple projects under strict timelines, and the ability to work well in a demanding, dynamic environment and meet overall objectives
* Practical understanding of, and experience with, IT infrastructure, architecture and technology solutions
* Proven capability in managing IT security infrastructure risks
* Knowledge of external legal, regulatory and industry best practice requirements, particularly Export Controls and Data Privacy regulations
* Ability to work virtually and to influence and deliver through others without direct management control accountability
Language:
* German
* English: proficiency needed
IT Knowledge:
* Must have a thorough knowledge of the Cyber Security Standards and Technologies
* Experience working with common information security standards, such as: ISO 27001/27002, NIST, PCI DSS, ITIL, COBIT
* Knowledge and understanding of relevant legal and regulatory requirements such as SOX, HIPAA, PCI DSS
* Knowledge of network architecture and client/server technology
* Knowledge about main IT and OT Security Trends and Standards
* Knowledge about IT security domains (Network, Firewalls, SMTP Authentication, VPN…)
* Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) or other similar credentials are desired.
Search area: Information Technology
Workplace: Cologne
Working time: full-time
What ARLANXEO offers you
At ARLANXEO, we do our best to offer you an environment in which you can develop professionally and personally. If you are ready to take on challenges, we have them for you. There is always room to broaden your horizons, learn something new, become part of a project team or lead a project yourself. Our employees praise their dedicated colleagues and cooperate with one another. We try to make you feel at home from the very first day.
At ARLANXEO, we comply with local laws and strive to hire the candidate who is best suited to the position.
ARLANXEO does not accept unsolicited applicants submitted by external recruiters or agencies. Any résumé or application submitted to ARLANXEO without an existing placement agreement is considered unsolicited and the property of ARLANXEO, and ARLANXEO will not pay a placement fee.