Beschreibung
Job designation
Role Purpose/Outcome
The Group IT Security Manager is responsible for the establishment, acceptance and operational implementation of IT security policies within my client.
The role reports to the Group Head of IT Infrastructure and Services.
The primary outcome of the role is to ensure that group has a best practice and encompassing approach to IT security, that is clearly defined with a consistent set of IT security policies, communicated and understood across our company.
Ensure that all new solutions (both applications and infrastructure) are reviewed and solutions teams have considered IT security, providing guidance and assistance as necessary.
To ensure that all areas of our Group are assessed for compliance to IT security policies, investigating as necessary and ensuring action plans to resolve or mitigate risk are in place and agreed with the appropriate senior management.
Qualification Degree in computer science (university or university of applied sciences) or equivalent qualifications in conjunction with the appropriate vocational experience
Minimum seven years' IT experience, with five years in an information security role and at least two in a supervisory capacity
Have experience with common information security management frameworks, such as International Standards Organization (ISO) , the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (CobiT) frameworks
Languages German native speaker or fluent in written and spoken
English native speaker or fluent in written or spoken
Responsibilities Establishment of best practice IT security policies Group Wide
To provide guidance, approaches in IT Security to IT Managers & staff
To liaise with the Infrastructure Project Managers and solution delivery managers to ensure that appropriate IT security is integral within solutions during the design phase.
Generation and internal publication of the annual security report
To work with Group internal audit to identify security risks, and establish action plans to mitigate, in conjunction with the appropriate manager
To continually review best practice in IT security and ensure that policies and approaches are optimal and follow best practice.
Investigate any IT security breaches or identified non-compliance with policy and report findings and required actions to resolve to the CIO and CTO
Ensure that policies as adopted in countries comply with all relevant legislation.
To provide input to our Group Risk Register
Recommend and coordinate the implementation of technical controls to support and enforce defined security policies
Provide technical and managerial expertise for the administration of security management tools
Research, evaluate, design, test, recommend or plan the implementation of new or updated information security hardware or software, and analyse its impact on the existing environment
Develop information materials and workshops on security trends, threats, best practices and control mechanisms for IT, as appropriate
Authorities Definition of the IT security standards in coordination with the Group Head of IT Infrastructure and Services
Is authorised to issue directives to the IT Country Managers, IT COE Heads, the system administrators and IT support staff as well as issuing compliance instructions to business colleagues
In coordination with the CIO he is authorised to disable IT applications partially or wholly if the required level of IT security (confidentiality, availability, integrity) is not present or the operational integrity of our business is at risk
Has access to all IT operational areas of the company