Beschreibung
TEX_17218 - IT Security Consultant (f/m) certified as an ISO27001 Lead Implementer/ AuditorEinsendeschluß: 09.02.2018
Anzahl d. Personen: 1
Branche: Transport & Logistik
Einsatzort: Hessen
Zeitraum: 19.02.2018 - 04.01.2019
Auslastung: 230 PT im o.g. Zeitraum / 5 PT pro Woche
Profilvorgabe: Deutsch
Preisvorgabe: EUR/Std.
Projektbeschreibung/Aufgaben/Rolle:
The work of the contractor is accomplished for the project „Autonomes Fahren auf der
Straße“ . Part of the project is the development of a digital platform and apps, as well
as services in the are of demand responsive transport mobility, ridesharing, autonomous driving etc. The products will mainly be offered as SaaS to Local Transport Authorities, Cities, Communes etc.
At the current state of the project we need support to develop and establish an Information Security Management System that covers all security related
issues (such as definition and documentation of processes, monitoring etc.).
The contractor needs to deliver the following:
Scope:
- Develop a framework in line with ISO27001 (Information Security Management System)
suitable for ioki (including consideration of customer expectations and requirements):
o Governance of Information Security
o Risk Framework
o Information Security and Data Protection awareness
- Design and deploy an Information Security Management System (ISMS) which provides a
framework for implementing ‘security and privacy by design’ and ‘continual improvement’
to include:
o Information Security structure
o Policy Framework
o Human resource security
o Asset management
o Access control
o Cryptography
o Physical and environmental security
o Operations security
o Communications security
o System acquisition, development and maintenance
o Supplier relationships
o Information security incident management
o Information security aspects of business continuity management
o Compliance
-Assure the design of ioki’s enterprise architecture including infrastructure, application,
integration, and digital strategies
- Define the process for Business Impact Assessments and Privacy Impact Assessments
- Institute a Compliance Framework including implementation, communication, training
and awareness activity in response to identified risk
- Support recruitment of ioki’s information security lead who will need to:
o Build strong relationships within the ioki business to develop understanding of security
related compliance factors
o Develop ioki’s understanding of information security and data protection
o Work with ioki’s leadership team to promote good compliance practice that are essential
to the reputation, safety, security and financial prosperity of ioki
o Assure the design of ioki’s enterprise architecture including infrastructure, application,
integration, and digital strategies
o Ensure that ioki implements compliant and consistent security standards across the
solutions and services it delivers to partners, clients and customers
o Manage and evolve the process for Business Impact Assessments and Privacy Impact
Assessments. Provide risk and vulnerability assessments to the business and support the
development of projects as necessary
o Manage and evolve the Compliance Framework including required implementation,
communication, training and awareness activities in response to changes to identified risks
o Provide business support in, ensuring compliance whilst playing a supportive role in
ensuring ioki is well prepared for compliance / audit exercises
o Subject to requirement, interact with external compliance and regulatory bodies on Cyber and Information Security.
Skills/Hinweise:
Mandatory skills
- Certified as an ISO27001 Lead Implementer/ Auditor, strong knowledge in supporting
regulatory frameworks and Data Protection/ Privacy, very strong Policy Framework
experience
- Proven and referenceable experience as an information security, risk and compliance
specialist, designing, implementing and supporting / operating information security
management systems and processes
- In depth experience in information security, privacy and compliance and policy
frameworks and working with colleague to deliver and design/implement pragmatic
controls designed to support ioki business functions in a large and complex multi-supplier
/ multi-platform / SaaS environment
- Knowledge of all areas of Information Security, including: Cyber Security for Digital
technologies; Identity and Access management; Authentication and Single Sign On;
Authorization; Audit; Data protection and Privacy; Security administration; Risk
Management and Assurance; Security Management. Experience in Payment Card Industry
Data Security Standards and knowledge of new and forthcoming regulations including
General Data Protection Regulation and the Network and Information Systems Directive
Non Mandatory Skills
- Proven track record of successful designing, implementing and assessing risk against
compliance and regulatory frameworks
- Strong ability to build and maintain stakeholder relationships, acting as a business partner
and enabler whilst engendering a culture of compliance cyber/ information security and
privacy awareness
- Demonstrable high performing teams that deliver exceptional results, working effectively
within a matrix organisation that encompasses employees, specialist contractors and 3rd
party suppliers and partners
Bei Interesse senden Sie uns bitte Ihr aktuelles Profil (bitte im Word-Format) unter Angabe Ihrer Verfügbarkeit sowie Ihres gewünschten Std.- / bzw. Tagessatzes.
Bitte beachten Sie, dass wir weiterführende Informationen zu dieser Ausschreibung wie bspw. Details zum Standort, dem Endkunden oder Tages- / Stundensätzen nur an bei uns registrierte Berater / Geschäftspartner herausgeben können.
Wenn Sie sich bei uns registrieren möchten, senden Sie uns bitte Ihr Profil (bitte im Word-Format).