Job Title: Lead Information Security and Compliance Officer
Location: Münich - remote working possible
Start Date: ASAP or by appointment
Job Type: Permanent
The Lead ISCO is the primary customer contact for all security related subjects at strategic and tactical level like security policy, compliancy and risk management. It is a client facing activity, related to a specific project or program. The ISO is the link between the business and security teams of the clients and OBS security organization.
The role of the ISCO is to:
- Protect the interests of the client relying on information, and to protect the systems and communications that deliver the information, from harm resulting from failures of availability, confidentiality, integrity, authenticity and non-repudiation
- Improve Information Security processes
- Act as a trusted advisor for all security concerns
- Align security strategy with client business goals taking into consideration allocated budgets
- set and enforce security policies and business continuity
- Ensure the compliance with security requirements defined in the contract
- Ensure the compliance with OBS security requirements, security standards and certifications.
- Reduce the complexity of managing security during huge implementations/migrations
- Provide support during compliance audits
- Interface between the client security team and the Orange organization
- Provide assistance in risk management
- Provide assistance in technical design
- 10+ years of experience working in Information or Cyber Security roles + strong and proven leadership skills
- Knowledge of security and audit standards: ISAE 3402, ISO 27001, SOC 2 (As standards are evolving this must be adapted to the current requested standards)
- Experience in understanding and evaluation of security threats, vulnerability management and business continuity and disaster recovery
- Technical knowledge: Firewall, network, OS Security….Typically a focus on the technology used for the client is needed.
- CISP, CISM, CISA (or similar) Information Security certifications are desirable
- Strong communications skills - excellent spoken and written English and the ability to gain credibility with C-suite stakeholders with a security background
- Fluent in English - German knowledge desirable
- Strong team player
- Excellent commercial and business understanding
If you could be interested in this position please apply immediately with a copy of your CV to be considered confidentially.