SAP Fioneer is hiring a
Information Security Manager

Summary

The job is for an Information Security Manager at SAP Fioneer, a fast-paced startup company offering growth opportunities. The role involves conducting risk assessments, developing and implementing risk management policies, liaising with the CISO, CSO and Security Operations team, maintaining and updating the organization's risk register, and assisting in security awareness training programs. Remote work is available in Germany, Austria, UK or Romania.

Requirements

• A bachelor's or master's degree in information security, computer science, or a comparable infirm education
• First experience in information security, risk management, or related fields

Responsibilities

• Conducting information security risk assessments and identifying potential vulnerabilities and threats to the organization's information systems and data
• Working with stakeholders across the organization to understand their security concerns and requirements and providing guidance and recommendations for managing risks
• Developing and implementing risk management policies, procedures, and controls to mitigate identified risks
• Liaising with our CISO, CSO and Security Operations team on information security requirements, risk assessments and be a point of contact for internal and external audits
• Performing regular reviews and assessments of the effectiveness of risk management controls, identifying areas for improvement, and making recommendations to senior management
• Staying up-to-date with the latest industry trends and best practices related to information security risk management, and recommending improvements to the organization's risk management framework
• Collaborating with other members of the security team to ensure that risk management activities are aligned with the organization's overall security strategy and objectives
• Maintaining and updating the organization's risk register, risk management plans, and other risk management documentation
• Assisting in the development of security awareness training programs and materials to ensure that employees are aware of their role in managing information security risks
• Participating in incident response activities and providing guidance and recommendations for managing risks during and after an incident
• Communicating effectively with stakeholders across the organization to ensure that they are aware of the risks to their systems and data, and that they understand the steps being taken to manage those risks

Preferred Qualifications

• Certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Risk and Information Systems Control (CRISC) are a plus
• Experience in conducting risk assessments, developing risk management policies and procedures, and working with stakeholders to manage risks is a plus
• Working knowledge of information security risk management principles, standards, and best practices such as ISO 27001, NIST Cybersecurity Framework, or CIS Controls are a plus
• Familiarity with information security technologies and tools such as firewalls, intrusion detection and prevention systems, and security information and event management (SIEM) systems may be beneficial

Benefits

• Attractive compensation package
• Country-specific range of benefits