Description

Essential Functions:

The objective of the position includes the proactive management of the GELITA Group's security and network infrastructure.

• Define, introduce, implement and further develop IT security requirements with a focus on global IT infrastructure and server operation
• Identification, assessment and management of cyber risks and attacks including corresponding analysis
• Define processes based on group and company specifications
• Identifying security vulnerabilities, areas of action and recommendations
• Ensure monitoring of IT security requirements
• Transfer results from audits, workshops and interviews into appropriate documentation
• Rapid7/KnowBe4 system administration and management
• Advise departments regarding IT security
• Further development of KPIs and SLAs to control and monitor IT security
• Management of internal and external security PEN testing
• Participation in budget planning regarding security needs
• Active project work and project management related to security-related topics
• Evaluate and categorize potential security incidents
• Recommend appropriate improvements to improve information security performance
• Test incident response plans regularly to ensure response times and procedures performed are acceptable
• Conduct annual BCM testing for global regional IT departments and employees
• Management of IT risks including the documentation and assessment of IT risks in collaboration with company-wide risk management and the specialist departments
• Identification, initiation, coordination and review of comprehensive measures to minimize risks as well as proactive remediation of identified security gaps
• Management and auditing of suppliers regarding IT security requirements
• Development of concepts, guidelines and standards for information security and participation in their implementation
• Preparation and support of information security checks, audits and certification measures according to ISO 27001, ISO27019 and the IT security catalog
• Participation in the creation of IT strategic specifications and guidelines
• Establishment and further development of 'state of the art' information security management systems at organizational, process and technology levels
• Carrying out IT security assessments or IT security checks
• Produce forensic analysis of artifacts and malware and detect network anomalies
• Ongoing reporting (security situation)
• Global training on current IT security topics
• Advice and support for internal projects on safety-related issues
• Monitoring of IT service providers with regard to security aspects

Qualifications

Qualifications:

• Solid understanding of infrastructure technologies and administration (compute, storage, networking).
• Experience with active directory, Windows security/administration, DNS management, network security and SEIM tools.
• Working knowledge of Microsoft operating systems (server & clients).
• Knowledge of Microsoft SCCM, Veeam Backup & Recovery, HP/Cisco networks, Palo Alto Firewalls.
• In-depth familiarity with NIST 800-5x, ISO 9001 & 27000, COBIT, and PCI security frameworks.
• Working knowledge of Role Based Access Control (RBAC) methodology and IAM (Identity and Access Management) principals.
• Familiarity with critical business systems.
• 2 years direct IT security experience.
• Strong knowledge of current security threats, techniques, and landscape.
• Dedicated and self-driven desire to research and learn more about the information security landscape as it evolves.
• Ability to work independently and self-manage time and resources.
• Strong written and verbal skills with attention to details.
• Ability to collaborate and be a team player

Minimum education:

• Bachelor’s Degree in Computer Science preferred. Extensive work experience and certifications in lieu of education will be considered.
• CISSP, CISA, CYSA or similar qualifying security certification preferred or the willingness to gain certification.

Minimum work experience:

5 years in progressive IT roles involving IT engineering, administration, and support.