Description
Academic Background: Bachelor of Engineering / Technology / Science
Overall Experience (in yrs.)
12+ Yrs.
Location: Stuttgart
Technical skills (Required - Mandatory)
GRC:
· Documents and maintains the System risk governance methodology, the System risk management policies and the Information Security Policy and Standards.
· Improves and promotes the System risk-related and information security-related activities.
· Organizes, conducts and performs system risk and information security risk assessment and gap analysis process.
· Organizes and performs the System risk assessment and gap analysis for all technologies, products, functions introduced.
· Establishes, reviews and verifies the System risk and information security risk related policies, standards and procedures documentation.
· Documents and confirms compliance with the information security requirement for System Development Life Cycle.
· Monitors compliance with the Security Standards, Policy and Architecture.
· Cooperates in the delivery of annual mandatory information security awareness seminars to alert employees to information security and best practices.
· Prepares and/or coordinates Monthly/Quarterly Operational Risk Meeting.
· Performs all other duties as assigned by the Management.
IT Risk Management
· Maturity Assessment based on industry standard RMF (Risk Management Framework)
· Implementation and Development of at least two Risk Management Framework Projects
· Knowledge about Risk Management Frameworks (NIST CSF, ISO 27001, etc.)
· Familiarity with HIPAA, SOX, GLBA, GDPR, PCI DSS, etc.
· General Risk Management Responsibilities: Has good knowledge of applicable risk management practices required to create a culture of risk management compliance for his or her group or department.
· Identifies, assesses, and monitors applicable risks based on risk management policies and procedures. Reviews work of subordinates for risk management purposes, if applicable.
· Exhibits best practice risk management skills through effective internal risk controls, risk monitoring, risk assessment and improvement of risk management processes.
· Participates in the development of a global risk framework (a single view of the company’s risk profiles and tolerance).
· Reviews risk assessments, analyzes the effectiveness of information security control activities, and reports on them with actionable recommendations.
· Monitors risk mitigation and coordinates policy and controls to ensure that other managers are taking effective remediation steps.
· Assists/performs in security assessments and performs security attestations.
· Participates in security investigations and compliance reviews as requested.
· Conducts and reports on internal investigations of possible security violations.
· Consults with clients on security violations.
· Coordinates all IT internal and external assessment components.
Language skills needed
English, German
Location: Stuttgart, Germany
Salary: Up to 550 euros per day depending on role and experience