GEA is one of the largest suppliers for the food and beverage processing industry and a wide range of other process industries. Approximately 18,000 employees in more than 60 countries contribute significantly to GEA’s success – come and join them! We offer interesting and challenging tasks, a positive working environment in international teams and opportunities for personal development and growth in a global company.
Information Security, Business Continuity & Crisis Management
Position type: Full time
Site:
Your responsibilities and tasks:
1. Oversees ISMS Implementation and Controls: Manages the local implementation of the ISMS, ensuring that security controls and measures align with the organisation's overall framework and policies.
2. Local Information Security Compliance: Ensures the application of and adherence to information security requirements at the local level, maintaining compliance with global standards.
3. Advises on Information Security Matters: Provides guidance to the site manager on matters related to information security, ensuring that potential risks and vulnerabilities are appropriately addressed.
4. Supports Local Process Owners: Based on global directives, assists local process owners with information and asset inventory, classification, risk identification and assessment, as well as the definition and monitoring of appropriate security measures within business processes.
5. Integrates Security into Local Processes: Ensures that information security requirements are fully integrated into local business processes to maintain compliance and safeguard information assets.
6. Leads Awareness and Training Initiatives: Organises and manages local awareness and training programs on information security, ensuring a high level of employee participation, with demonstrable proof of engagement.
7. Manages Local Security Incidents: Handles local information security incidents promptly and in accordance with established protocols to mitigate risks.
8. Identifies Local Processes and Owners: Identifies all local processes within the ISMS scope and assigns the appropriate process owners, ensuring that these individuals are aware of the relevant policies.
9. Facilitates Risk and Protection Analysis: Works with process owners to analyse and determine the appropriate level of protection needed for each process, ensuring comprehensive risk assessments are performed.
10. Supports Security Measures Design and Documentation: Collaborates with process owners to design and document necessary information security measures, facilitating the creation of evidence documents that demonstrate the operational effectiveness of controls.
11. Ensures Asset and Application Reporting: Ensures that all process owners report on relevant assets, systems, and applications necessary to perform their respective processes, with particular attention to systems, applications, and infrastructure.
12. Assigns Risk Ownership: Allocates identified risks to the appropriate risk owner, ensuring their commitment to the role and associated responsibilities.
13. Supports Risk Mitigation: Works with risk owners to design suitable countermeasures to mitigate identified risks, ensuring an effective risk treatment process.
14. Consolidates Risk Treatment Reports: Collects and consolidates risk treatment progress reports from risk owners, ensuring that this information is accurately communicated to senior management.
15. Identifies Asset Owners: Identifies all relevant asset owners responsible for the assets and applications that support the processes within the ISMS scope.
16. Ensures Asset Owners are Informed: Ensures that asset owners are fully aware of the relevant policies and security requirements pertaining to their assets.
17. Guides Asset Risk Analysis: Instructs asset owners to perform risk analysis to identify vulnerabilities and necessary security controls, providing support as needed.
18. Supports Procedural Documentation: Assists asset owners in the creation, implementation, and documentation of procedural information security measures to ensure robust protection and compliance with ISMS requirements.
Your profile and qualifications:
1. Bachelor's or Master's degree in Information Technology / Computer Science / Cybersecurity, Business Administration, or a related technical discipline.
2. IT Security Certifications advantageous (e.g. ITIL, COBIT, CISA, CISM).
3. Information security Certifications: ISMS Lead Implementer, ISMS Lead Auditor, additional in accreditation of a certification body.
4. 3+ years of experience in Cyber- or Information Security.
5. Good knowledge of management systems, audits, and dealing with audit findings.
6. Knowledge of security standards such as ISO, PCI, HIPAA and SOX.
7. Experience in multi-vendor management and dealing with multiple suppliers.
8. IT Service Management and ITIL process framework.
9. Strong interpersonal skills in communication and collaboration, fostering effective teamwork and positive relationships.
10. Highly organised with robust project management skills, ensuring a structured and methodical approach to tasks and deadlines.
11. Strong analytical and problem-solving abilities, capable of assessing challenges and delivering effective solutions.
12. Proficient in financial management, with experience in budget ownership and oversight.
GEA is an equal opportunity employer. Applicants will therefore receive consideration for employment without regard to age, sex, race, color, religion, world view, national origin, genetics, disability, gender identity, marital status, sexual orientation, veteran status or any other protected characteristic required by applicable law. Applicants with disabilities are welcome and will be given special consideration if they are equally qualified.