
Cyber Security Governance & Compliance (m/f/d)

Requisition ID: 162
Location: Köln, NW, DE, 50679

Department: Information Technology
Date:

ARLANXEO is a world-leading supplier of synthetic elastomers, serving customers on every continent with high-quality products.

To strengthen our team, we are looking for you, starting immediately, as Cyber Security Governance & Compliance (m/f/d).

The officer of Information Security / Cybersecurity Governance & Compliance leads the development and operation of ARL’s enterprise Governance & Compliance framework, covering its definition, publishing and implementation. As the officer of Governance & Compliance, he/she will use domain expertise and business knowledge to integrate Information Governance, the NIST framework and the ARAMCO group policies & standards for all implemented systems and processes as well as for all projects.

 

Requirements

 

  • As the successful candidate, you will hold a Bachelor's degree or equivalent experience, or an Associate degree with 3 additional years of experience in the IT, IT security or cybersecurity field.
  • University degree or equivalent experience in IT topics and a professional working background in security topics for more than 5 years.
  • Well-versed in various IT & cyber security policies / standards, especially IT Security policy, Identity and Access Management, Change Management, Vulnerability Management, Remote Access, Risk Management, Business Continuity & Disaster Recovery, Incident Response policy, Data Classification, Asset Management, Data Protection.
  • Well-versed in NIST / ISO 27001 frameworks / standards.
  • Fluent in English for professional verbal communication as well as for the creation of policies, standards and reports with correct spelling and grammar. Additional languages are a plus (German, French, Dutch, Portuguese).
  • Travel mobility, as the company has production, warehousing and office sites in the Americas, APAC, EMEA and Saudi Arabia.
  • One or more of the following certifications is preferred:
    • NIST
    • ISO 27001 Lead Auditor
    • BSI Lead Auditor
    • CISA
    • CRISC
    • CISM
    • CISSP
  • Very good knowledge of relevant standards (NIST, ISO 2700x, Cobit, ISO/IEC 19011, 22301, BSI Grundschutz) and an ability to apply them appropriately
  • Proven track record of operating successfully in the Governance and/or Compliance areas
  • Understanding of Threat and Risk methodologies/techniques and the interpretation/application of their output in the definition of Information- and IT-Security Solutions.
     

Technical skills

 

  • Experience with standards & policies, or especially with solutions and products, in the following IT security domains:
    • Access Control Systems and Methodology
    • Telecommunications and Network Security
    • Business Continuity Planning and Disaster Recovery Planning
    • Security Management Practices
    • Security Architecture and Models
    • Application and Systems Development Security
    • Cryptography
    • Computer Operations Security
    • Physical Security
  • Experience with standards-prone areas in the fields of:
    • Production-plant-related OT / ICS / PCT / PCS / DCS
    • Identity Life Cycle Management
    • Monitoring and logging of non-privileged and privileged access
    • Back-up and restore, Disaster recovery
    • Business Continuity Management
    • Incident Response
    • Security Baselining & Change Management
    • Data Governance, Privacy, Protection and Security
    • Cloud Security

 

Non-technical skills

 

  • Team player with strong personal skills
  • Analytical skills required to conduct technology and risk assessments, gap analysis, identifying (re)engineering or (re)architecting initiatives
  • Build, develop and sustain relationships with IT and business, and participate in networking activities
  • Technical writing and reporting
  • Verbal and nonverbal communication
  • Presentation and information delivery
  • Effective time management skills by completing assignments within budgets and calendar schedules
  • Engage in professional development activities, including completion/renewal of professional certification(s)
  • Problem-solving skills to generate ideas for mitigating identified gaps and vulnerabilities

 

Duties & Responsibilities:

 

Your principal duties will include the following:

 

  • Develop and lead the cybersecurity framework (policies and standards), based on the NIST framework, the Aramco group framework and business needs.
  • Integrate the results of business impact assessments as well as the cybersecurity risk assessments into the company cybersecurity framework.
  • Support, from a governance and compliance perspective, the security risk assessment processes and the technical assessments with IT project managers and providers, cloud services, complex IT architectures, internet platforms, data centers etc.
  • Review existing and proposed system configurations and designs to ensure compliance with security controls and baselines.
  • Support, from a governance and compliance perspective, the risk mitigation & remediation actions.
  • Participate in, prepare and lead the cybersecurity audits and assessments.
  • Track and follow up with the IT and IT Security teams on various audit findings/observations.
  • Develop, review, update, maintain and communicate IT and cybersecurity governance documents.
  • Establish, maintain and enforce policy, guidelines and baselines related to security for the users and administration of IT systems and services.
  • Identify opportunities to improve existing policies, procedures, standards, guidelines and training programs.
  • Track mitigation progress and provide status updates to Management.
  • Build good relationships with auditors and all stakeholders.
  • Lead periodic projects (assisting with research, special analysis requested by Project Managers, CISO, etc.)

Have we sparked your interest? Then apply online with your complete application documents (cover letter, CV, certificates and references).

We welcome applications from all people regardless of ethnic origin, nationality, religion, world view, gender, age, disability, appearance and/or sexual identity. We are committed to the principle of treating all applicants fairly and avoiding discrimination.

