Cyber Security Officer (m/f/div) Region Europe

What your challenges are

• You work with the CISO to develop a security program and initiate security projects that address identified risks and business security requirements

• You manage the process of collecting, analyzing and assessing the current and future threat landscape, as well as providing the CISO with a realistic overview of risks and threats in the region

• You engage with the CISO to develop budget projections based on short and long-term goals and objectives

• You propose changes to existing internal policies and procedures to ensure operational efficiency and regulatory compliance, i.e., with respect to regional aspects

• You maintain oversight of regional laws and regulations

• You assist and guide the disaster recovery planning team in selecting recovery strategies and in developing, testing, and maintaining disaster recovery plans

• You maintain and improve processes to ensure that security is taken into account in the evaluation, selection, installation and configuration of applications and software

• You ensure the implementation of security design and manage the remediation of identified risks

• You identify the risks and ensure that the rules are enforced in the region in charge

• You prepare and evaluate exception requests

• You conduct audits

• You monitor and report on compliance with security policies, as well as policy enforcement

• You manage processes related to daily activities, identify risk tolerances, recommend treatment plans, and communicate information about residual risks

• You participate (and collaborate) in the development of external IT security standards

• You do have strong leadership skills and the ability to work effectively with business managers

• You also possess the ability to interact with Evonik personnel, build strong relationships at all levels and across business units and organizations, and understand business imperatives

• You demonstrate a strong understanding of the business impact of security tools, technologies and policies

• You are equipped with strong leadership skills, with the ability to develop and mentor information security team members, and work with minimal supervision

• You excel in verbal, written and interpersonal communication skills, including the ability to communicate effectively with regional organization, project teams, management and business personnel You have a deep knowledge and understanding of information risk concepts and principles as a means of linking business needs to security controls

• You have acquired an excellent understanding of industry information security concepts, protocols, best practices and strategies

• You are experienced in working with legal, audit and compliance personnel

• You have experience in developing and maintaining policies, procedures, standards and guidelines

• You should have experience with common information security management frameworks, such as the International Standards Organization (ISO) 2700x or the NIST Cyber Security Framework

• You are familiar with applicable legal and regulatory requirements, such as the US Sarbanes-Oxley Act, the US Health Insurance Portability and Accountability Act (HIPAA), the European GDPR, and the Japanese Financial Instruments and Exchange Act ("J-SOX")

• You are skilled and experienced in creating and managing project plans

• You are competent to perform risk, business impact, control and vulnerability assessments, and to define treatment strategies

• You are knowledgeable and experienced in developing and documenting security architecture and plans, including strategic, tactical, and project plans

• You must have strong analytical skills to analyze security requirements and relate them to appropriate security controls

Tactical and Operational Level

• You actively develop and manage a computer security organization (ISO organization) within the region that ensures cooperation between the various security areas and thus a holistic management of computer security. The ISO organization controls the implementation of corporate IT compliance and IT security guidelines

• You advise, initiate and coordinate the implementation of technical controls to support and enforce defined corporate security policies

• You are accountable for incident management and coordination in the region in charge

• You deliver expert guidance on security issues for projects

Security Liaison

• You facilitate the understanding of and response to safety audit findings reported by auditors

• You work closely with the ISO Global Function team to ensure that the development and implementation of controls and configurations are aligned with security policies and legal, regulatory and audit requirements

• You consistently work with the enterprise architecture team to ensure that there is a convergence of business, technical and security requirements

• You provide security communication, awareness and training channels to the public, which may range from senior leaders to field employees

• You establish and maintain strategic liaison with vendors, legal and procurement departments to establish mutually acceptable contracts and service level agreements

• You work with the CISO, Global Function ISOs, and business stakeholders to define metrics and reporting strategies that effectively communicate security program successes and progress

• You collaborate with the Group's IT Security Administration

• You participate with other stakeholders, e.g. OSOs for OT security, SO for know-how protection, and DP for data protection

• You act as an active and consistent leader in the regional information security governance process

• You initiate and lead legal and regulatory compliance efforts related to cybersecurity, including audits

Requirements and Qualifications

• You are empowered to manage a team of information security professionals, hire and train new employees, conduct performance reviews, and provide leadership and training, including technical and personal development programs for team members

• You have at least seven years in an information security role, five years of IT experience, and two years in a supervisory role

• You acquired a bachelor's degree in information security or equivalent professional experience; an M.B.A. or M.S. in information security is preferred

• You are certified as CISM, CRISC, ISO 27001 Lead Auditor and CISSP

• You are proficient in business English as well as regional languages

Job-ID: R23349