
Information Security GRC & Risk Manager (m/f/d)

Job Requisition ID: 584

Köln, DE, 50569

Department: Information Technology
Date: 25.11.2021

“ARLANXEO is a world-leading supplier of synthetic elastomers, delivering high-quality products to customers on all continents.

To strengthen our team, we are looking for you, starting immediately, as Information Security GRC & Risk Manager (m/f/d).”

Reporting to the CISO, the Manager of Information Security / Cybersecurity GRC (Governance, Risk & Compliance) & Risk Manager is responsible for managing and leading the definition, implementation, development, reporting and operational improvement of ARLANXEO's enterprise information security and cybersecurity for IT and OT, covering all ARLANXEO functions and processes in the following areas:


Governance 30%: Support the Information Security GRC & Governance Manager in all key operational and strategic governance processes, including standards definition, framework development, consultation with stakeholders, and review and publishing of the Information Security Governance framework (policies, standards and baselines).


Risk Management 60%: Manage and lead all strategic and operational processes in the risk area, including Business Impact Assessments and Risk Assessments.

Maintain the Information Security risk register, integrating the monitoring, aggregation and reporting of risks and threats.

Report and follow up on exceptions, improvements, recommendations, non-conformities and validated mitigation measures.


Compliance 10%: Jointly with the Information Security GRC & Risk Manager, organize and manage the Information Security compliance check processes related to information security / cybersecurity, supported by ARLANXEO's internal key functions such as Internal Auditing or Quality Management.

Organize and manage external assessments requested by ARLANXEO or by the ARAMCO group and outsourced to global partners.


As an officer of Governance, Risk & Compliance, he/she will use his/her domain expertise and business knowledge to integrate the information security requirements of the NIST framework as well as the ARAMCO group policies and standards into all implemented systems and processes, including projects.



As the successful candidate, you will hold a Bachelor's degree or equivalent experience, or an Associate degree with 3 additional years of experience in the IT, IT security or cybersecurity field.

University degree or equivalent experience in IT topics and a professional working background in security topics for more than 5 years.

Well-versed in various IT and cybersecurity policies / standards, especially IT Security Policy, Identity and Access Management, Change Management, Vulnerability Management, Remote Access, Risk Management, Business Continuity & Disaster Recovery, Incident Response Management, Data Classification, Asset Management and Data Protection.

Well-versed in the NIST / ISO 27001 frameworks / standards.

Fluent in English for professional verbal communication as well as for the creation of policies, standards and reports with correct spelling and grammar. Additional languages are a plus (German, French, Dutch, Portuguese, Chinese).

Travel mobility as the company has production, R&D, warehousing, office and key interests in Europe, Americas, Asia and Saudi Arabia.

One or more of the following certifications is preferred:


ISO 27001 Lead Auditor

BSI Lead Auditor





Very good knowledge of relevant standards (NIST, ISO 2700x, IEC 62443, COBIT, ISO/IEC 19011, ISO 22301, BSI Grundschutz) and the ability / experience to apply them appropriately.

Proven track record of successful work in the Governance, Risk Management and / or Compliance areas.

Understanding of Threat and Risk methodologies/techniques - with qualitative and quantitative approaches - and the interpretation/application of their output in the definition of Information- and IT/OT-Security Solutions.


Technical skills


Experience with standards and policies, or with solutions and products, in the following IT security domains:

Experience in Risk Management processes including implementation / development

Access Control Systems and Methodology

Telecommunications and Network Security

Business Continuity Planning and Disaster Recovery Planning

Security Management Practices

Security Architecture and Models

Application and Systems Development Security


Computer Operations Security

Physical Security

Experience with standards-driven areas in the fields of:

Production-plant-related OT / ICS / PCT / PCS / DCS

Identity Life Cycle Management

Monitoring and logging of non-privileged and privileged access

Recovery & Disaster recovery

Business Continuity Management

Incident Response

Security Baselining & Change Management

Data Governance, Privacy, Data Protection and Security

Cloud Security



Non-technical skills


Team player with strong personal skills

Analytical skills required to conduct technology and risk assessments, gap analysis, identifying (re)engineering or (re)architecting initiatives

Building, developing and sustaining relationships with IT and the business, and participating in networking activities

Technical writing and reporting

Verbal and nonverbal communication

Presentation and information delivery

Effective time management skills by completing assignments within budgets and calendar schedules

Engage in professional development activities, including completion/renewal of professional certification(s)

Problem solving skills to generate ideas for mitigating identified gaps and vulnerabilities



Duties & Responsibilities:


Your principal duties will include the following:


Develop and lead the Information Security / Cybersecurity Risk Management processes, including the integration of the ARLANXEO ERM and the Aramco group information security risk process.

Develop and lead the Information Security / Cybersecurity framework (policies and standards), based on the NIST framework, the Aramco group framework and business needs.

Manage and coordinate the Information Security / cybersecurity compliance in cooperation with ARLANXEO, ARAMCO key functions as well as global partners.

Integrate the results of business impact assessments, risk assessments and maturity assessments into the company cybersecurity framework as well as IT and OT framework.

Support, from a governance and compliance perspective, the security risk assessment processes and the technical assessments with IT project managers and providers (cloud services, complex IT architectures, internet platforms, data centers, etc.).

Review existing and proposed system configurations and designs to ensure compliance with security controls and baselines.

Support, from a governance and compliance perspective, the risk mitigation and remediation actions.

Participate in, prepare and lead the cybersecurity audits and assessments.

Track and follow up with IT and IT Security team on various audit findings/observations.

Develop, review, update, maintain and communicate IT and cybersecurity governance documents.

Establish, maintain and enforce policy, guidelines and baselines related to security for the users and administration of IT systems and services.

Identify opportunities to improve existing policies, procedures, standards, guidelines and training programs.

Track mitigation progress and provide status updates to management.

Build good relationships with auditors and all stakeholders.

Lead periodic projects (assisting with research and special analyses requested by Project Managers, the CISO, etc.).

“Have we sparked your interest? Then apply online with your complete application documents (cover letter, CV, certificates).

We welcome applications from all people regardless of ethnic origin, nationality, religion, belief, gender, age, disability, appearance and/or sexual identity. We are committed to the principle of treating all applicants fairly and avoiding discrimination.”

Job segment: Telecom, Telecommunications, Information Technology, IT Manager, Information Security, Technology