Remote Information Security Manager

Summary

Join SAP Fioneer as an Information Security Manager and contribute to the continual improvement of our Information Security Management System. You will conduct risk assessments, develop and implement risk management policies, and collaborate with stakeholders to mitigate risks. This role requires working knowledge of information security principles and best practices. The position offers remote work options from Germany, Austria, UK, or Romania with travel required. A competitive compensation package and country-specific benefits are provided. Growth opportunities and a chance to drive innovation are also offered.

Requirements

• A bachelor's or master's degree in information security, computer science, or a comparable infirm education
• Fluency in English, both in written and spoken from is required
• You have first experience in information security, risk management, or related fields

Responsibilities

• Conducting information security risk assessments and identifying potential vulnerabilities and threats to the organization's information systems and data
• Working with stakeholders across the organization to understand their security concerns and requirements and providing guidance and recommendations for managing risks
• Developing and implementing risk management policies, procedures, and controls to mitigate identified risks
• Liaise with our CISO, CSO and Security Operations team on information security requirements, risk assessments and be a point of contact for internal and external audits
• Performing regular reviews and assessments of the effectiveness of risk management controls, identifying areas for improvement, and making recommendations to senior management
• Staying up-to-date with the latest industry trends and best practices related to information security risk management, and recommending improvements to the organization's risk management framework
• Collaborating with other members of the security team to ensure that risk management activities are aligned with the organization's overall security strategy and objectives
• Maintaining and updating the organization's risk register, risk management plans, and other risk management documentation
• Assisting in the development of security awareness training programs and materials to ensure that employees are aware of their role in managing information security risks
• Participating in incident response activities and providing guidance and recommendations for managing risks during and after an incident
• Communicating effectively with stakeholders across the organization to ensure that they are aware of the risks to their systems and data, and that they understand the steps being taken to manage those risks

Preferred Qualifications

• Certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Risk and Information Systems Control (CRISC) are a plus
• Experience in conducting risk assessments, developing risk management policies and procedures, and working with stakeholders to manage risks is a plus
• Working knowledge of information security risk management principles, standards, and best practices such as ISO 27001, NIST Cybersecurity Framework, or CIS Controls are a plus
• Good analytical, problem-solving, communication, and interpersonal skills are essential
• Familiarity with information security technologies and tools such as firewalls, intrusion detection and prevention systems, and security information and event management (SIEM) systems may be beneficial
• Continuously learning and keeping up-to-date with the latest trends, technologies, and regulations in the information security risk management field is crucial

Benefits

• Mobile Office
• Attractive compensation package and country-specific range of benefits
• Growth opportunities based on merit and individual goals
• The space to bring new ideas, drive innovation and challenge the status quo