What you can expect
Explore a world of opportunities with us. Look ahead with us and help shape innovative solutions to make our world more sustainable and life healthier, more vibrant and more comfortable.
At Evonik, you have the chance to explore, thrive, and grow alongside 33,000 colleagues. Among attractive career paths and high-quality development programs, we not only offer performance-based remuneration and occupational health benefits but also hybrid and flexible working environments with #SmartWork.
Bring your fresh perspective, develop your strengths, break out of your mold, and find a career that fits your dreams with us.
Click on the link below to learn what our employees have to say about Evonik:
https://careers.evonik.com/en/about/meet-the-team/
What your challenges are
You work with the CISO to develop a security program and initiate security projects that address identified risks and business security requirements
You manage the process of collecting, analyzing and assessing the current and future threat landscape, as well as providing the CISO with a realistic overview of risks and threats in the region
You engage with the CISO to develop budget projections based on short and long-term goals and objectives
You propose changes to existing internal policies and procedures to ensure operational efficiency and regulatory compliance, i.e., with respect to regional aspects
You maintain oversight of regional laws and regulations
You assist and guide the disaster recovery planning team in selecting recovery strategies and in developing, testing, and maintaining disaster recovery plans
You maintain and improve processes to ensure that security is taken into account in the evaluation, selection, installation and configuration of applications and software
You ensure the implementation of security design and manage the remediation of identified risks
You identify the risks and ensure that the rules are enforced in the region you are in charge of
You prepare and evaluate exception requests
You conduct audits
You monitor and report on compliance with security policies, as well as policy enforcement
You manage processes related to daily activities, identify risk tolerances, recommend treatment plans, and communicate information about residual risks
You participate (and collaborate) in the development of external IT security standards
Tactical and Operational Level
You actively develop and manage a computer security organization (ISO organization) within the region that ensures cooperation between the various security areas and thus a holistic management of computer security. The ISO organization controls the implementation of corporate IT compliance and IT security guidelines
You advise, initiate and coordinate the implementation of technical controls to support and enforce defined corporate security policies
You are accountable for incident management and coordination in the region you are in charge of
You deliver expert guidance on security issues for projects
Security Liaison
You facilitate the understanding of and response to safety audit findings reported by auditors
You work closely with the ISO Global Function team to ensure that the development and implementation of controls and configurations are aligned with security policies and legal, regulatory and audit requirements
You consistently work with the enterprise architecture team to ensure that there is a convergence of business, technical and security requirements
You provide security communication, awareness and training channels to the public, which may range from senior leaders to field employees
You establish and maintain strategic liaison with vendors, legal and procurement departments to establish mutually acceptable contracts and service level agreements
You work with the CISO, Global Function ISOs, and business stakeholders to define metrics and reporting strategies that effectively communicate security program successes and progress
You collaborate with the Group's IT Security Administration
You participate with other stakeholders, e.g. OSOs for OT security, SO for know-how protection, and DP for data protection
You act as an active and consistent leader in the regional information security governance process
You initiate and lead legal and regulatory compliance efforts related to cybersecurity, including audits
Requirements and Qualifications
You are empowered to manage a team of information security professionals, hire and train new employees, conduct performance reviews, and provide leadership and training, including technical and personal development programs for team members
You have at least seven years in an information security role, five years of IT experience, and two years in a supervisory role
You acquired a bachelor's degree in information security or equivalent professional experience; an M.B.A. or M.S. in information security is preferred
You are certified as CISM, CRISC, ISO 27001 Lead Auditor and CISSP
You are proficient in business English as well as regional languages
What we’re looking for
You have strong leadership skills and the ability to work effectively with business managers
You also possess the ability to interact with Evonik personnel, build strong relationships at all levels and across business units and organizations, and understand business imperatives
You demonstrate a strong understanding of the business impact of security tools, technologies and policies
You are equipped with strong leadership skills, with the ability to develop and mentor information security team members, and work with minimal supervision
You excel in verbal, written and interpersonal communication skills, including the ability to communicate effectively with regional organization, project teams, management and business personnel
You have a deep knowledge and understanding of information risk concepts and principles as a means of linking business needs to security controls
You have acquired an excellent understanding of industry information security concepts, protocols, best practices and strategies
You are experienced in working with legal, audit and compliance personnel
You have experience in developing and maintaining policies, procedures, standards and guidelines
You should have experience with common information security management frameworks, such as the International Standards Organization (ISO) 2700x or the NIST Cyber Security Framework
You are familiar with applicable legal and regulatory requirements, such as the US Sarbanes-Oxley Act, the US Health Insurance Portability and Accountability Act (HIPAA), the European GDPR, and the Japanese Financial Instruments and Exchange Act ("J-SOX")
You are skilled and experienced in creating and managing project plans
You are competent to perform risk, business impact, control and vulnerability assessments, and to define treatment strategies
You are knowledgeable and experienced in developing and documenting security architecture and plans, including strategic, tactical, and project plans
You must have strong analytical skills to analyze security requirements and relate them to appropriate security controls
What we offer
With us, performance-based compensation and support for your personal development and professional qualifications are not the only things you can expect as a matter of course. Discover your other benefits with us:
Flexible working hour models
Mobile working
Onboarding and mentoring programs
Company pension plan
Supplementary insurance
Employee stock options
Support for maintaining mental fitness
Meal and nutrition programs for employees
Sports and exercise programs
Childcare facilities, childcare allowance, vacation program for children
Support services for caring for relatives (e.g. time-off from work)
Your Application
To ensure that your application is processed as quickly as possible and to protect the environment, please apply online via our careers portal. Further information about Evonik as Employer can be found at https://careers.evonik.com.
Please address your application to the Talent Acquisition Manager, stating your earliest possible starting date and your salary expectations. If you have any questions regarding the application process, please call our Evonik Candidate Support at 0800 2386645 (Germany only) or +49 201 177 4200.
Your Talent Acquisition Manager:
Christina Melo
Company is Evonik Industries AG