Description
For our client in Frankfurt we are looking for a Data Security Officer (m/f) according to ISO 27001 (German - must have)
Scope of services:
• Develop a framework in line with ISO27001 (Information Security Management System) suitable for the customer (including consideration of customer expectations and requirements):
o Governance of Information Security
o Risk Framework
o Information Security and Data Protection awareness
• Design and deploy an Information Security Management System (ISMS) which provides a framework for implementing ‘security and privacy by design’ and ‘continual improvement’ to include:
o Information Security structure
o Policy Framework
o Human resource security
o Asset management
o Access control
o Cryptography
o Physical and environmental security
o Operations security
o Communications security
o System acquisition, development and maintenance
o Supplier relationships
o Information security incident management
o Information security aspects of business continuity management
o Compliance
• Assure the design of the customer's enterprise architecture including infrastructure, application, integration, and digital strategies
• Define the process for Business Impact Assessments and Privacy Impact Assessments
• Institute a Compliance Framework including implementation, communication, training and awareness activity in response to identified risk
• Support recruitment of the customer's information security lead who will need to:
o Build strong relationships within the customer business to develop understanding of security related compliance factors
o Develop customer understanding of information security and data protection
o Work with the customer's leadership team to promote good compliance practices that are essential to the reputation, safety, security and financial prosperity of ioki
o Assure the design of the customer's enterprise architecture including infrastructure, application, integration, and digital strategies
o Ensure that the customer implements compliant and consistent security standards across the solutions and services it delivers to partners, clients and customers
o Manage and evolve the process for Business Impact Assessments and Privacy Impact Assessments. Provide risk and vulnerability assessments to the business and support the development of projects as necessary
o Manage and evolve the Compliance Framework including required implementation, communication, training and awareness activities in response to changes to identified risks
o Provide business support in ensuring compliance, whilst playing a supportive role in ensuring the customer is well prepared for compliance / audit exercises
o Subject to requirement, interact with external compliance and regulatory bodies on Cyber and Information Security.
Requirements & Skills:
• Proven and referenceable experience as an information security, risk and compliance specialist, designing, implementing and supporting / operating information security management systems and processes
• Proven track record of successfully designing, implementing and assessing risk against compliance and regulatory frameworks
• Certified as an ISO27001 Lead Implementer/ Auditor, strong knowledge in supporting regulatory frameworks and Data Protection/ Privacy, very strong Policy Framework experience
• Strong ability to build and maintain stakeholder relationships, acting as a business partner and enabler whilst engendering a culture of compliance, cyber/information security and privacy awareness
• Demonstrable high performing teams that deliver exceptional results, working effectively within a matrix organisation that encompasses employees, specialist contractors and 3rd party suppliers and partners
• In-depth experience in information security, privacy and compliance and policy frameworks and working with colleagues to deliver and design/implement pragmatic controls designed to support ioki business functions in a large and complex multi-supplier / multi-platform / SaaS environment
• Knowledge of all areas of Information Security, including: Cyber Security for Digital technologies; Identity and Access management; Authentication and Single Sign On; Authorization; Audit; Data protection and Privacy; Security administration; Risk Management and Assurance; Security Management. Experience in Payment Card Industry Data Security Standards and knowledge of new and forthcoming regulations including General Data Protection Regulation and the Network and Information Systems Directive