Job Content 

The overarching goal of this position is to define, implement, enhance and support processes, measurements and reporting in order to support the implementation of the Risk Management Life Cycle for Information Security and Data Privacy defined in the Risk Management Framework of the Group. 

The Information Security Assurance Professional is responsible and is in charge of all measures leading to assuring the effectiveness of the Information Security Management Framework and the Data Privacy Management Framework. Thus, he or she owns all activities that lead to continuous compliance with regards to Information Security and Data Privacy.

Responsibilities

• Owns, defines, coordinates and implements all processes and activities necessary to reach and maintain a state of continuous compliance in the area of Information Security and Data Privacy.
• Governs and coordinates with the respective SMEs the implementation of all key risk and performance indicators assuring the effectiveness of information security risk mitigating measures; starting from the definition of measure points, to ensuring their implementation until monitoring and reporting of results; that also includes the recommendation and tracking of improvements, if indicators are outside of their thresholds.
• Defines and implements processes and measurements that allow the execution of the actual assurance work; this includes coordination with all the relevant stakeholders.
• Defines corrective actions with key stakeholders if the scorecard results are not corresponding to the expected results and proactively track their implementation.
• Defines the scorecard landscape and the content of the specific scorecards.
• Ensures an adequate data quality for the data used for reporting purposes.

Requirements

• Bachelor’s Degree in IT Security, Computer Science or Computer Engineering or equivalent.
• Experience in project management and process design.
• Excellent command of German and English.
• Analytical and report writing skills would be a plus.
• Relevant working experience in an information security role and/or with Information Security would be an asset.
• Possession of relevant professional certifications/qualifications such as CISSP, CISM, CIPP/E, Six Sigma or CRISC will be advantageous.
• Strong inter-personal and communication skills.
• Self-starter who is able to work independently, manages initiatives and tasks and has a "drive for results".
• Excellent team skills and integrity in a professional environment.
• Ability to prioritize, multi-task and manoeuvre in a competitive environment.