Job description
Information Security Manager
Berlin
Stott and May are proud to be working with one of the market leaders in developing AI-driven software for energy management, production, and logistics, specialising in optimising, controlling, and simulating industrial processes. Due to continued growth within their Security division, we are looking for an Information Security Manager to join the business.
Responsibilities
1. Support, drive and improve information security strategy on a wide range of topics
2. Shape and improve our Information Security Management System (ISMS) in a sustainable and feasible way
3. Perform information security governance related tasks (e.g. policy creation and management for all information security topics, process creation and improvements, information security framework improvements)
4. Requirements management for information security (e.g. around ISO 27001, NIST CSF, KRITIS, ISO 27017, ISO 27019)
5. Support information security reviews and reporting (e.g. security KPI and maturity assessment)
6. Perform and improve information security risk management activities (e.g. risk identification, evaluation and assessment) from a general perspective
7. Stakeholder communication and collaboration across all our business units and legal entities on all levels (engineers, engineering managers, technical product managers, product owners, leadership, etc.)
8. Participate in information security relevant due diligence activities (e.g. vendor and product assessments)
9. Reduce the human risk factor through the design and execution of security awareness measures
10. Participate in and support relevant audit preparations, such as for ISO 27001 and TISAX
11. Strengthen the information security and data compliance culture and support information security knowledge management
12. Assist in incident management activities
Requirements
13. InfoSec Management and ISMS (ISO 27001, NIST, etc.) knowledge
14. General business and organisational understanding, ideally in the software development industry
15. Experience in information security governance activities (e.g. create, improve and implement processes, policies as well as perform control activities)
16. Strategic thinking to ensure we follow a sustainable way and don’t forget the big picture
17. Risk Management experience
18. General cloud security knowledge (GCP and Microsoft 365)
19. Analytic skills: you think things through and are a thought leader
20. Ownership mindset for tasks: You take end-to-end responsibility for a task from idea/start to finish
21. Good understanding of lean and agile practices
22. Good communication and interpersonal skills
23. Operational excellence and maturity knowledge
24. Fluency in written and spoken English (German is a plus)
25. Data Compliance knowledge (GDPR, CCPA, etc.) is a plus
26. Great enthusiasm for Information Security
27. Intrinsic motivation, never-ending curiosity
What's on offer
28. Modern environment with flat hierarchies
29. Modern hardware and the opportunity to work with cutting-edge technologies
30. Flexible working model with home office days
31. Training budget for personal growth
32. 30 days vacation
33. Events for employees to celebrate our achieved goals and great team spirit
34. Corporate benefits and insurance