Group Information Security Risk Manager (m/f) in Group IT Risk & Security

On-site
12 months
Germany
Florentina Krasniqi

This project is archived and unfortunately no longer active.
For a client project in the insurance industry, we are looking for a Group Information Security Risk Manager (m/f) in Group IT Risk & Security.

The client's IT Risk and Security function ensures that IT risks that may impact the successful delivery of the client's business objectives are identified and properly addressed. It ensures that client information is adequately protected, in line with legal and regulatory requirements. The client's IT Risk & Security function maintains the client's IT Risk and Security strategies and oversees the client's IT Security Program. The main objectives of the client's IT Risk and Security function are:

1. Develop an IT Risk Management culture within the client. This is achieved by maintaining a strong IT Risk management framework, by providing business visibility on IT risks and by ensuring that plans are in place to address these risks.

2. Build a strong Information Security Community within the client and with key external partners and institutions.

3. Maintain a high-level, practical set of policies and standards for use by the client's Group and all operating entities.

4. Govern and lead key global security initiatives and solutions that strengthen the client's resilience to cyber-attacks, minimize risks of data loss and maximize availability and reliability of the client's IT systems.

5. Ensure excellent awareness in the area of Information Security and IT Risk for all of the client's employees.


Your new duties and responsibilities

The main responsibility of the Information Security Risk Manager (m/f) will be to perform IT Risk reviews and assessments, to oversee Information Security compliance and to support the top risk assessment process. Key duties include:
• Evolve the concept and manage the regular Information Security compliance reviews of the client's Standard for Information Security
• Perform IT Risk and Security assessments of group-wide projects and applications, including reporting and communication
• Provide Subject Matter Expertise in IT Risk and Information Security in IT projects and support the identification of the required security controls and security architecture in key security projects
• Follow up on identified IT Risks (including significant Security Incidents) and support the top risk assessment process and identification of mitigation measures
• Define and implement metrics and reporting for security and performance measurements
• Define and implement top management reporting on IT Risks and integrate it into an overall IT Risk Framework
• Identify and investigate areas of wider control optimization across the Group

Another main topic will be to work on Security Guidelines, Processes and Policy:
• Conduct information security violation analysis (forensics) and trigger internal review and auditing work
• Conduct and support internal review auditing of security controls (enforce information security controls)
• Support establishment of data classification rules
• Support setup and deployment of Information Security governance and processes in the client's Group
• Actively involve Organizational Entities and Shared Service Centers regarding client security
• Define decision governance and escalation path for OE security decisions and for Group/SSC interfaces
• Administer and improve practical and value-adding global information security policies


• Degree in Computer Science, Physics, Mathematics, Business Information Systems or related field is required. Master's degree required.
• Professional certifications in Project Management (PMI, PMP, et al.), Process Management (e.g. ITIL) as well as IT Security (CISSP, CISM, ISO27xxx et al.)
• Knowledge of current main IT Security technologies and architecture (firewalls, Virtual Private Networks, vulnerability / penetration testing and other security devices)
• Successful track record in working for large and diverse international organizations
• Fluent English mandatory; a good command of German is a clear plus

Experience & Key Skills
• 6-10 years of significant, professional experience in information technology (IS) and a high level of understanding of contemporary hardware and software architectures
• Understanding of best practices (ISO27XXX, ITIL, COBIT, etc.) and information technology security
• High-quality analytical skills, management experience
• Excellent interpersonal skills
• Ability to establish relationships across all business areas and act in a consultative manner to identify the security requirements applicable to each business area and to intertwine security needs with the goals and objectives of the organization
• Ability to interact with a wide range of internal staff members and external professionals, including regulators, consultants, auditors, legal counsel, and others

Contract type: Contract

Start: ASAP


Project duration: long-term

Country of assignment: Germany

Location: Munich

If my project offer has sparked your interest, I look forward to your email, in which you ideally send me your profile and state your hourly rate.

I would also be glad if you describe any particular experience you have with the topic mentioned.

Please send your application to:

Agnieszka Nowicka

Recruiting Expert

Tel: +49 (89)

Fax: +49 (89)

TOPjects GmbH

Allgeier Experts / Division of Allgeier Group

Stefan-George-Ring 6

81929 München