Rolls-Royce Deutschland Ltd & Co. KG

Information Security Expert

Job

  • Level
    Senior
  • Job Field
    IT, Security
  • Employment Type
    Full Time
  • Contract Type
    Permanent employment
  • Location
    Friedrichshafen
  • Working Model
    Onsite
  • Job Summary

    In this role, you will design the information security strategy, implement ISO 27001, and develop guidelines for safe data handling while coordinating with internal stakeholders and overseeing audit processes.

    Your role in the team

    • Active support in the design, implementation, and target group-oriented communication of the RRPS Information and Cyber Security Strategy within the context of overall security objectives.
    • Central contact for questions related to processes, regulations, and action guidelines for the secure handling of corporate information and data, both within and outside IT systems.
    • Regular review and adjustment of the existing ISMS according to ISO 27001, including the development, definition, and provision of additional binding information security policies, guidelines, and process / procedure instructions based on internationally recognized standards (primarily ISO 27001, NIST CSF, etc.).
    • Coordination of these adjustments with all key internal stakeholders / governance processes such as confidentiality protection, export control, product cyber security, data protection, business continuity management, enterprise risk management, etc.
    • Active support of all organizational units in implementing and complying with the ISMS requirements, including conception and active participation for the necessary certification according to ISO 27001 within the context of regulatory (including EU NIS2) or business requirements within a predefined scope.
    • Monitoring compliance with national and international regulatory requirements in the field of information security within departmental and business projects as well as in IT operations.
    • Recording of external and internal requirements (customers, regulators, departments, etc.) so that they can be addressed and translated into internal policies and standards of the ISMS, as well as exchange and coordination with relevant internal and external stakeholders.
    • Identification, assessment, classification, management, and reporting of information, cyber, and IT risks based, among others, on the ISO 31000 standard.
    • Development of an efficient methodology and implementation of protection needs assessments to actively support organization-wide Business Impact Analyses (based on standard ISO 22301) as well as the presentation of key figures and reports.
    • Development, documentation, and implementation of risk-based, comprehensive audit processes for information security, including continuous audit planning in coordination with data protection, internal audit, etc.
    • Collection and regular provision of key figures to manage the operational measures of the ISMS, including analysis and presentation of its effectiveness across the entire organization.
    • Coordination and active support of audits for suppliers, partners, and service providers, including responding to relevant questionnaires and audit preparations.
    • Active support of the business units and sales in reviewing and negotiating customer contract requirements related to Information and Cyber Security (especially relevant for customers in the critical infrastructure sector to meet KRITIS, IT-SiG, and EU NIS2 requirements).

    This text has been machine translated.

    Our expectations of you

    Education

    • Successfully completed degree in Information/IT Security, Computer Science, or a comparable qualification.

    Qualifications

    • Excellent knowledge of regulatory and legal requirements in the context of information security, e.g., EU NIS2, KRITIS, IT-SiG, etc.
    • Ideally, a certification as ISO 27001 Lead Implementer / Auditor, TISP, CISSP, CISM, BSI IT-Grundschutz Practitioner/Consultant, or comparable.
    • High technical understanding of IT and cybersecurity as well as information technology in general.
    • Strong analytical and conceptual skills with a precise work approach.
    • Team player with commitment, independent working style, and a high sense of responsibility.
    • Persuasiveness and enthusiasm in active communication with a wide range of internal and external stakeholders to represent the interests of Information and Cyber Security at RRPS, while acknowledging and considering other requirements and/or perspectives.
    • Fluent German language skills and very good English language skills in spoken and written form are essential.

    Experience

    • Very good, proven knowledge and experience in the field of information security, risk management, and business continuity management in an international, regulated environment (e.g., ISO 27001, ISO 31000, ISO 22301, NIST CSF, BSI IT-Grundschutz, etc.).
    • Several years of professional experience (at least 5 years) in Information Security Governance, taking into account the aforementioned information security and industry standards.

    What we offer

    • Healthy and fair working conditions through collective bargaining agreements (metal and electrical industry).
    • Company-owned health insurance BKK MTU for our employees and their family members.
    • Comprehensive corporate health management including a company fitness program (EGYM Wellpass).
    • Attractive company pension scheme - Save for your retirement with us!
    • Occupational disability insurance - protection for all cases!
    • Mobility support in everyday life - JobTicket and Jobrad.
    • Corporate Benefits Program - Attractive employee discounts on numerous leading brands.

    Job Locations

    • Location Friedrichshafen

      Baden-Württemberg

      Germany

    This is your employer

    Rolls-Royce Deutschland Ltd & Co. KG

    A passionate team of more than 3,500 employees from over 50 countries is working at Rolls-Royce Germany to design, manufacture and maintain modern aircraft engines.

    Description

  • Company Size
    250+ Employees
  • Company Type
    Established Company
  • Working Model
    Hybrid, Onsite
  • Industry
    Industry, Production
  • Diversity
    Open for all genders
