IT Risk & Security (Senior) Manager (m/w/d)

If you like change, change to us

We are an international mid sized group with appetite for innovations, approachable management, lead by objectives / targets which give the opportunity of a wide range of empowerment. We as a growth oriented market leader invite you to join us on our journey from good to great!

The IT Risk & Security (Senior) Manager translates the IT-risk requirements and constraints of the business into technical control requirements and specifications, as well as develops metrics for ongoing performance measurement and reporting. The IT Risk & Security (Senior) Manager coordinates the IT-organization's technical activities to implement and manage security infrastructure, and to provide regular status and service-level reports to management.

The IT Risk & Security (Senior) Manager is a leadership role that reports directly to the CIO and requires an individual with a strong technical background, as well as an ability to work with the IT-organization and business management to align priorities and plans with key business objectives.

Responsibilities

The IT Risk & Security (Senior) Manager’s job is composed of a variety of activities, including tactical, operational, and strategic activities, such as:

• IT-Security governance.
• IT-Risk & Audit Management.
• IT-Security Awareness Measures.
• Conduct external penetration Test.
• Lead strategic security projects.
• Steering & escalations of security operations, i.e. incident management.
• Continuous exchange with compliance organization, i.e. in Data Protection (GDPR) related matters.
• Evolve OT-Security measures & governance.
• Develop (IT-) Business Continuity Management measures.

Requirements

• A minimum of seven years of IT experience, with five years in an information security role and at least two years in a supervisory capacity.
• A bachelor's degree in information systems or equivalent work experience; an M.B.A. or M.S. in information security is preferred.
• Strong Leadership skills and the ability to work effectively with business managers, IT engineering and IT operations staff.
• The ability to interact with Norma Group personnel, build strong relationships at all levels and across all business units and organizations, and understand business imperatives.
• A strong understanding of the business impact of security tools, technologies, and policies.
• Strong leadership abilities, with the capability to develop and guide information security team members and IT operations personnel, and work with minimal supervision.
• Excellent verbal, written and interpersonal communication skills, including the ability to communicate effectively with the IT-Organization, project and application development teams, management, and business personnel; in-depth knowledge and understanding of information risk concepts and principles as a means of relating business needs to security controls; an excellent understanding of information security concepts, protocols, industry best practices and strategies.
• Experience working with legal, audit and compliance staff.
• Experience developing and maintaining policies, procedures, standards, and guidelines.
• Experience with OT-Security methods is preferred.
• Experience with common information security management frameworks, such as International Standards Organization (ISO) 2700x, the IT Infrastructure Library (ITIL), TISAX and Control Objectives for Information and Related Technology (COBIT) frameworks.
• German language skills on a native level or minimum C2 - mandatory.