Business Information Security Officer

Summary

Join METRO.digital, a leading international wholesaler specializing in food, and make an impact as an Information Security Domain Owner. This role ensures proper governance aligns information security with business strategy, supporting implementation of organizational and technical measures to manage risks and regulatory obligations. You will directly advise local management on information security, collaborate with the CISO organization, and manage relationships with cybersecurity agencies. The position requires strong communication skills, experience in information security policy development, and in-depth knowledge of relevant standards and regulations. METRO.digital offers flexible and remote work options, people development programs, and individual support.

Requirements

• You have excellent communication skills and can communicate effectively with people from a wide range of experiences and professional backgrounds
• Bachelor’s or master’s degree in information technology/computer science/cybersecurity, business administration, or a related technical discipline
• Experience leading the development and implementation of information security policies, procedures, and guidelines to ensure compliance with relevant regulations and standards
• Strong knowledge of information security governance, risk management, and compliance principles, practices, and regulations
• Have in-depth know-how in management systems, audits, and analyzing vulnerabilities and audit findings
• Have in-depth know-how in ISO 27001 or comparable standards
• You have solid experience working in an agile environment and that's where you feel at home

Responsibilities

• Implement and adapt the METRO AG ISMS to secure the adherence of the local organization and partners to METRO AG ISMS, guidelines and requirements related to Information Security
• Plan and coordinate the execution of IT and IS risk assessments (including Third-party risks)
• Develop and implement yearly action plan to reduce risks level and increase maturity level aligned with METRO continuous improvement process and ambitions set by METRO AG Board
• Develop and execute awareness campaign and targeted training for all business functions in the local organization
• Report IT and IS related information (risks, incidents, and KPIs) to the CISO organization
• Oversee and coordinate incident response crisis management in relation to information security in collaboration with the CISO organization at METRO AG
• Support the Legal department with evaluation of relevant information security local laws and regulations
• Collaborate with the local Data Protection Officer (DPO) and Local Security Officer (LSO) to define, manage and improve relevant interfaces
• Perform local Information Security assurance reviews (pen-testing, etc.)
• Manage the contact with local cybersecurity agencies (if needed)

Benefits

• Flexible and remote work: create your own schedule!
• People development: when you grow so do we!
• Support with individual solutions: we are people-caring!