Senior Manager Information Security and Privacy (m/f/d)
Key details of the position offered
Employer | TechMinds GmbH |
Postal code | 60311 |
Location | Frankfurt am Main |
Federal state | Hessen |
Posted on | 22.11.2024 |
Remote option? | - |
Home office option? | - |
Part-time? | - |
Full-time? | - |
Apprenticeship position? | - |
Internship? | - |
Permanent? | - |
Fixed-term? | - |
Job description
Your Tasks
You develop an information security vision and strategy aligned to organizational objectives and implement a strategic and comprehensive information security program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy, and recovery of information assets owned, controlled, and/or processed by the organization.
You provide regular reporting on the status of the information security program to measure the efficiency and effectiveness of the program.
You collaborate with business units to facilitate information security risk assessment and risk management processes.
You establish and lead the execution of a best-practice-driven information security management framework and steering model to assure the proactive assessment and mitigation of any information security risk in the company’s ecosystem consisting of supply chain partners, vendors, consumers and any other third parties.
You establish and execute governance processes to ensure the consistent application of policies and standards across all technology projects, systems and services, including privacy, risk management, compliance and business continuity management.
You create a framework for roles and responsibilities for information ownership, classification, accountability, and protection of information assets.
You assist with the consolidation and continuous governance of IT assets within the organization and apply security governance measures to these assets to reduce business risk.
You collaborate with the enterprise architecture team to ensure that information security requirements are implicitly included within the reference architecture by design.
You ensure that all information owned, collected or controlled by or on behalf of the company is processed and stored in accordance with applicable laws and other global regulatory requirements, such as data privacy.
You manage and restrict information security incidents and events to protect corporate IT assets, intellectual property, regulated data and the company’s reputation.
You monitor the external threat environment for emerging threats and advise on the appropriate courses of action.
You develop and oversee effective disaster recovery policies and standards to align with the enterprise business continuity management (BCM) program goals, with a focus on the cloud strategy.
You serve as Data Privacy Coordinator and assume accountability for ensuring the application of data privacy regulations as mandated by Legal, Compliance and Data Protection teams.
You act as an advisor to business functions to ensure a strong, efficient, and sustainable global data privacy environment in the organization.
You act as an internal consultant for regulatory reviews regarding data privacy issues and information request responses.
You arrange meetings and briefings with the legal and data protection owners and address follow-up actions with the different business functions.
You ensure that the IT systems and procedures comply with all relevant data privacy and protection laws, regulations, and policies.

Your Benefits
You are part of an international and innovative working environment.
You have a responsible position that requires teamwork and a high level of personal commitment.
You get 31 vacation days.
There are remote work possibilities.
The working hours are flexible.
There are benefits like a company pension scheme and discounts.

Your Profile
You have a passion for working for a global, fast-growing medical technology organization.
You are able to multi-task in a flexible and effective manner.
You have several years of experience in a combination of risk management, information security and privacy coordinator roles, including recent experience in a security and privacy leadership role, ideally within the healthcare/medtech industry.
You have a deep understanding of international medical device standards and regulations (e.g. HIPAA) relevant to information security and privacy.
You have demonstrated exposure to global privacy regulations across the USA, European Union and China, with deep insight into GDPR implementation for IT systems.
You have proven experience with relevant standards and frameworks: NIST or BSI and ISO standards.
You are experienced in cloud security, identity and access management in the cloud, and modern security concepts such as zero trust and security by design.
You are willing to roll up your sleeves and dig into operational aspects in the course of managing information security.
You have proven expertise in influencing decisions in situations where no formal reporting structures exist, but achieving the desirable outcome is vital.
Your soft and interpersonal skills, including teamwork, facilitation and negotiation in a multi-cultural environment, are exceptional.
You have excellent written, verbal, communication and presentation skills with the ability to articulate information security and risk-related ideas and concepts to technical and nontechnical audiences.
You are able to balance the long-term (“big picture”) and short-term implications of individual decisions and organization goals.
Knowledge of business models, operating models, financial models, cost-benefit analysis, budgeting and risk management is preferred.
Professional security management certification is desirable, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials.
You are business fluent in German and have good English language skills.

Your Application
Please send us your application via the following application button or by email to bewerbung@techminds.de.
We will only present your application documents to our client if we have your consent.