Working at ARLANXEO: Shape the future with us
ARLANXEO is one of the world's leading manufacturers of synthetic rubber.
Our high-performance rubbers are found in products you use every day, from car tires and household appliances to sustainable technologies such as batteries for electric vehicles, wind turbines and solar installations.
What makes us special?
We combine technological excellence with a strong corporate culture. With us, you work in an international environment that places great value on innovation, responsibility and collaboration.
Your development counts
Our employees are the heart of our success. That is why we create an environment in which you can grow, shape things and make an impact.
Our promise to you: “Doing what matters. Together.”
This is more than a slogan; it is our daily aspiration. We offer you the chance to build your career in a company that stands for reliability, responsibility and progress.
Our purpose:
„Reliable. Responsible. Rubber.“
It shows what we stand for, and why you are in exactly the right place with us.
Under the CISO, the Manager of Information Security / Cybersecurity GRC (Governance, Risk & Compliance), the Governance & Compliance Manager is responsible for managing and leading the definition, implementation, development, reporting and operational improvement of ARL’s enterprise Information Security and cybersecurity for IT and OT, covering all ARLANXEO functions and processes, in the following areas:
Governance 20%: To manage and lead all key operational and strategic governance processes, including standards definition, framework development, consultation with stakeholders, and review and publishing of the Information Security Governance framework (Policies, Standards and Baselines).
Compliance 80%: To organize and manage, jointly with the Information Security GRC team, the compliance check processes related to Information Security / Cybersecurity, supported by ARLANXEO internal key functions such as Internal Auditing or Quality Management.
Organize and manage external assessments, requested by ARLANXEO or by the ARAMCO group, outsourced to global partners.
Objectives: As an officer of Governance & Compliance, he/she will use domain expertise and business knowledge to integrate the Information Security needs from the NIST framework as well as the ARAMCO group policies & standards for all implemented systems and processes, including projects.
Requirements:
As the successful candidate, you will hold a Bachelor's degree or equivalent experience, or an Associate degree with 3 additional years of experience in the IT, IT security or cybersecurity field.
University degree or equivalent experience in IT topics and more than 5 years of professional experience in security topics.
SME: Well-versed in various IT and cyber security policies / standards, especially IT security policy and compliance management. Data protection knowledge with regard to GDPR in the European context is a must-have. Furthermore, in-depth experience and expertise in at least one of the frameworks NIST / ISO 27001 is required. KritisV knowledge is a plus. This includes knowledge of framework setup and implementation and profound audit experience, both on-site and remote.
Fluent in English for professional verbal communication as well as for the creation of policies, standards and reports with correct spelling and grammar. Additional languages are a plus (German, French, Dutch, Portuguese, Chinese).
Travel mobility, as the company has production, R&D, warehousing, office and key interests in Europe, the Americas, Asia and Saudi Arabia.
Certifications: One or more of the following certifications is preferred:
* NIST
* ISO 27001 Lead Auditor
* CISA / CRISC / CISM
* CISSP
Knowledge and certifications in the following areas are advantageous:
* Testing methodology with regard to BSI-KritisV
* COBIT 5 Foundation
* ITIL Foundation
* Project Management Certification (at least basic level, e.g. ISO/IEC EN 17024)
Standards:
Very good knowledge of relevant standards (NIST, ISO 2700x, IEC 62443, COBIT, ISO/IEC 19011, 22301, BSI Grundschutz) and the ability / experience to apply them appropriately.
Proven track record of successfully operating in the Governance, Risk Management and / or Compliance areas.
Understanding of Threat and Risk methodologies/techniques - with qualitative and quantitative approaches - and the interpretation/application of their output in the definition of Information- and IT/OT-Security Solutions.
Non-technical skills
* Team player with strong personal skills
* Analytical skills required to conduct technology and risk assessments, gap analysis, identifying (re)engineering or (re)architecting initiatives
* Build, develop and sustain relationships with IT and business, and participate in networking activities
* Technical writing and reporting
* Verbal and nonverbal communication
* Presentation and information delivery
* Effective time management, completing assignments within budgets and calendar schedules
* Engage in professional development activities, including completion/renewal of professional certification(s)
* Problem solving skills to generate ideas for mitigating identified gaps and vulnerabilities
* Ability to work in a structured way, even in stressful situations or under time pressure
* Being result-oriented and quality-driven is a big plus
Duties & Responsibilities:
Manage and coordinate Information Security / cybersecurity compliance in cooperation with ARLANXEO and ARAMCO key functions as well as global partners.
Drive process and technical assessments from a governance and compliance perspective with internal and external stakeholders, e.g. IT project managers and providers.
Ensure compliance with security controls and baselines across IT and OT.
Lead, prepare and accompany cybersecurity audits and assessments in close cooperation with Internal Audit and external audit partners, and help to improve our maturity levels.
With regard to the CIP, track and follow up with the IT and IT Security team on audit findings/observations.
Develop, review, update, maintain and communicate IT and cybersecurity governance documents.
Establish, maintain and enforce policy, guidelines and baselines related to security for the users and administration of IT systems and services.
Identify opportunities to improve existing policies, procedures, standards, guidelines and training programs.
Track mitigation progress and provide status updates to Management.
Build good relationships with auditors and all stakeholders.
Equal opportunity at ARLANXEO
We are proud to be an equal opportunity employer.
All qualified applicants will be considered for employment regardless of ethnic origin, skin color, religion, gender, age, sexual orientation, gender identity, national origin, disability or other legally protected characteristics, in line with our commitment to diversity, equality and inclusion in the workplace.
Note for recruitment agencies:
ARLANXEO does not accept unsolicited applications from external recruiters or agencies.
Résumés or applications submitted without a prior written agreement are considered unsolicited and will be treated as the property of ARLANXEO. In such cases, no placement fee will be paid.