Job Summary:
The Information Security Manager will be responsible for overseeing and managing the company's information security program. This role involves ensuring continued compliance with ISO 27001 standards, protecting company data, and mitigating risks associated with information security threats. The ideal candidate will possess a deep understanding of information security practices, strong leadership skills, and a proactive approach to maintaining our ISO 27001 certification. The candidate should also understand the regulatory requirements that apply to Trapeze as a solution provider in the transportation industry, such as Kritis and BSI.

Your tasks:

ISO 27001 Compliance:
- Ensure ongoing compliance with ISO 27001 standards and manage the implementation of necessary controls.
- Determine the IT Security Audit program and coordinate and lead internal and external audits, including preparation, documentation, and addressing findings.
- Develop, maintain, and update the Information Security Management System (ISMS) documentation as needed.

Information Security Management:
- Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk management program.
- Work with IT and business stakeholders to define information security requirements and manage risks.
- Conduct regular risk assessments and manage risk treatment plans.
- Establish and enforce policies, standards, and procedures that align with ISO 27001 requirements.
- Ensure that disaster recovery and business continuity plans are in place and tested.
- Act as first point of contact for all IT security related questions from the organisation or customers.

Incident Management:
- Develop and oversee incident response planning and the investigation of security breaches.
- Provide timely and effective communication of security incidents to relevant stakeholders.
- Coordinate with other departments to ensure effective incident resolution and post-incident analysis.

Training and Awareness:
- Develop and deliver information security training and awareness programs for all employees.
- Promote a culture of security awareness and compliance within the organization.
- Make sure that cyber security policies and procedures are communicated to all personnel and that compliance is enforced.
- Arrange for communication of best practices and risks to all parts of the business, also outside IT.

Vendor and Third-Party Management:
- Evaluate the security posture of third-party vendors and partners.
- Ensure that third-party agreements include appropriate security controls and compliance requirements.

Continuous Improvement:
- Stay current with the latest security trends, threats, and technology solutions.
- Identify and implement improvements to the ISMS and overall security posture.
- Participate in industry groups and professional organizations to maintain knowledge and stay informed of emerging issues.

Project Support:
- Identification and assessment of security risks in projects and operations.
- 1st level contact for Operations team and customers for IT Security related questions.

Your Profile:
- Bachelor's degree in Information Security, Computer Science, or a related field; Master's degree preferred, or an IT qualification with additional certification in IT security.
- Professional certifications in IT with additional further training in information security (e.g. CAS/MAS Information Security, ICT Security Expert, CISSP, CISA, CISM, ISO 27001 Lead Auditor).
- 3+ years of experience in information security management.
- In-depth knowledge of ISO 27001 standards and experience in maintaining ISO 27001 certification.
- Knowledge of business continuity and IT disaster recovery frameworks such as ISO 22301, ISO 27031 and ISO 31000 is an asset.
- Familiarity with other relevant standards and regulations (e.g., GDPR, NIST).
- Proven experience in developing and implementing security policies, procedures, and controls.
- Knowledge of information security technologies and best practices.
- Strong written and verbal communication skills in English and German to convey technical details to management and IT partners.
- Strong understanding of risk management and incident response.
- Ability to manage multiple projects and priorities effectively.
- Open-minded, embracing change, and taking ownership of assignments.
- Results-focused with a positive attitude and commitment to quality.
- Drives change and ensures task completion.

Our Offer:
- Maybe we don't have a 3-day week or a 16th salary - we simply keep what we promise
- We work daily on the pulse of the time: We create unique solutions for sustainable mobility
- We combine the advantages of an international corporation with an agile medium-sized company: International growth opportunities, design freedom, Your value is visible
- The rest is a matter of course for us: Attractive salary package, flexible work, further education, YOU count as a person