Beschreibung
TätigkeitenbeschreibungBeschreibung des Projekt-/ Verfahrenskontexts
The work of the contractor is accomplished for the project „Autonomes Fahren auf der Straße“ (ioki). Part of the project is the development of a digital platform and apps, as well as services in the are of demand responsive transport mobility, ridesharing, autonomous driving etc. The products will mainly be offered as SaaS to Local Transport Authorities, Cities, Communes etc.
At the current state of the project (soon to be the ioki GMBH) we need support to develop and establish an Information Security Management System that covers all security related issues (such as definition and documentation of processes, monitoring etc.).
Gegenstand des Vertrags
The contractor needs to deliver the following: Scope
Develop a framework in line with ISO27001 (Information Security Management System) suitable for ioki (including consideration of customer expectations and requirements):
Governance of Information Security
Risk Framework
Information Security and Data Protection awareness
Design and deploy an Information Security Management System (ISMS) which provides a framework for implementing ‘security and privacy by design’ and ‘continual improvement’ to include:
Information Security structure
Policy Framework
Human resource security
Asset management
Access control
Cryptography
Physical and environmental security
Operations security
Communications security
System acquisition, development and maintenance o Supplier relationships
Information security incident management
Information security aspects of business continuity management
Compliance
Assure the design of ioki’s enterprise architecture including infrastructure, application, integration, and digital strategies
Define the process for Business Impact Assessments and Privacy Impact Assessments
Institute a Compliance Framework including implementation, communication, training and awareness activity in response to identified risk
Support recruitment of ioki’s information security lead who will need to:
Build strong relationships within the ioki business to develop understanding of security related compliance factors
Develop ioki’s understanding of information security and data protection
Work with ioki’s leadership team to promote good compliance practice that are essential to the reputation, safety, security and financial prosperity of ioki
Assure the design of ioki’s enterprise architecture including infrastructure, application, integration, and digital strategies
Ensure that ioki implements compliant and consistent security standards across the solutions and services it delivers to partners, clients and customers
Manage and evolve the process for Business Impact Assessments and Privacy Impact Assessments. Provide risk and vulnerability assessments to the business and support the development of projects as necessary
Manage and evolve the Compliance Framework including required implementation, communication, training and awareness activities in response to changes to identified risks o Provide business support in, ensuring compliance whilst playing a supportive role in ensuring ioki is well prepared for compliance / audit exercises
Subject to requirement, interact with external compliance and regulatory bodies on Cyber and Information Security.
Anforderungsprofil an Erfüllungsgehilfen (externe Fachkräfte)
Gewichtung fachliche Anforderungen: 80%
Profilabdeckung der bedarfsspezifisch geforderten fachlichen Skills (Basis Rollenkatalog) – Gewichtung 20%
Profilabdeckung der bedarfsspezifisch geforderten technologischen Skills (Basis Rollenkatalog) – Gewichtung 20%
Profilabdeckung der geforderten Methodenkompetenzen (Basis Rollenkatalog) – Gewichtung 10%
Abdeckung der geforderten Qualifikationen & Zertifizierungen & Erfahrungen (Basis Rollenkatalog) – Gewichtung 30%
Beantwortung zu bedarfsspezifischen fachlichen / technischen Aufgabenstellungen – Gewichtung 20%
Mandatory skills
Certified as an ISO27001 Lead Implementer/ Auditor, strong knowledge in supporting regulatory frameworks and Data Protection/ Privacy, very strong Policy Framework experience
Proven and referenceable experience as an information security, risk and compliance specialist, designing, implementing and supporting / operating information security management systems and processes
In depth experience in information security, privacy and compliance and policy frameworks and working with colleague to deliver and design/implement pragmatic controls designed to support ioki business functions in a large and complex multi-supplier / multi-platform / SaaS environment
Knowledge of all areas of Information Security, including: Cyber Security for Digital technologies; Identity and Access management; Authentication and Single Sign On; Authorization; Audit; Data protection and Privacy; Security administration; Risk Management and Assurance; Security Management. Experience in Payment Card Industry Data Security Standards and knowledge of new and forthcoming regulations including General Data Protection Regulation and the Network and Information Systems Directive
Non Mandatory Skills
Proven track record of successful designing, implementing and assessing risk against compliance and regulatory frameworks
Strong ability to build and maintain stakeholder relationships, acting as a business partner and enabler whilst engendering a culture of compliance cyber/ information security and privacy awareness
Demonstrable high performing teams that deliver exceptional results, working effectively within a matrix organisation that encompasses employees, specialist contractors and 3rd party suppliers and partners