• Coordinate and continuously develop the Information Security Management System (ISMS) on a global level.
• Align with business departments and group companies regarding know-how protection activities.
• Collaborate with relevant stakeholders such as data protection, compliance, corporate security, and risk management.
• Support the implementation of regulatory requirements (e.g., IT security law, KRITIS, NERC).
• Manage internal and external audits.
• Coordinate information security risk management globally.
• Create, implement, and maintain global information security guidelines.
• Manage and implement awareness measures.
• Assess security requirements and provide organizational and process-related project consulting.
• Conduct supplier and contract reviews.

Skills: ISMS Management, Compliance Support, Risk Management, Audit Coordination, Policy Development, Stakeholder Collaboration, Security Awareness, Supplier Review

• Interact with clients’ security teams during onboarding.
• Respond to client security and privacy questionnaires and audits.
• Manage and maintain ongoing SOC 2 programs and requirements.
• Define information security-related policies and procedures.
• Participate in security incident response.
• Develop and document the security program to meet the needs of clients, including large enterprise organizations.
• Communicate with other department leaders to advance information security goals and programs.
• Assess current technology architecture for vulnerabilities, weaknesses, and opportunities for upgrades or improvements.
• Implement and oversee technological upgrades, improvements, and major changes to the information security environment.
• Conduct ongoing security testing and training.
• Prepare for additional audits and compliance with security frameworks.
• Prepare both an at-a-glance and a comprehensive documentation of security measures.

Skills: Client Security, Compliance Management, SOC 2, Policy Development, Incident Response, Security Program, Risk Assessment, Security Training

• Respond to information security questionnaires and support enterprise sales processes.
• Develop and maintain an information security knowledge base.
• Work with internal teams to design and implement customer product requirements related to information security.
• Update customers, sales teams, and CSMs about changes in security policies and procedures.
• Enhance information security practices within sales and CSM teams.
• Serve as the security team’s primary contact at the US site.
• Collaborate with sales, cross-functional teams, and external partners.
• Support enterprise customers and actively contribute to the sales process.
• Provide updates to the security team regarding customer trends.

Skills: Security Questionnaires, Knowledge Base, Customer Requirements, Policy Updates, Security Practices, Security Liaison, Cross-Functional Collaboration, Customer Support

• Develop a security program that addresses identified risks, regulatory compliance gaps, and business security requirements.
• Create and maintain security policies and procedures to ensure operational efficiency and regulatory compliance.
• Manage the ongoing security and awareness training program.
• Monitor and report on compliance with security policies, and enforce policies within the IT department.
• Provide support and guidance for legal and regulatory compliance efforts, including audit support.
• Plan and execute penetration tests.
• Consult with IT and business leaders to ensure security is integrated into the evaluation, selection, installation, and configuration of hardware, applications, and software.
• Recommend and coordinate the implementation of technical controls to support and enforce defined security policies.
• Research, evaluate, design, test, and recommend new or updated information security hardware or software, and analyze its impact on the existing environment.
• Collaborate with vendors and the legal and purchasing departments to establish mutually acceptable contracts and service-level agreements.

Skills: Security Program, Policy Management, Awareness Training, Compliance Monitoring, Audit Support, Penetration Testing, Security Integration, Vendor Management

• Define and formalize processes and procedures around networks, databases, web, and devices in cooperation with IT and business leaders.
• Oversee gap analysis of current information security controls and processes and make recommendations for a robust future state.
• Work closely with various departments across the business to understand their current working practices and tooling, and assess them against industry standards.
• Make recommendations for control improvements to C-level executives.
• Establish strategic security architecture using industry-standard methodologies and frameworks (e.g., TOGAF, SABSA).
• Implement a security architecture roadmap for delivering new capabilities in a hybrid IT environment (cloud-based and on-premise).
• Implement industry-standard architectural security processes and controls for current infrastructure, platforms, and application development (e.g., ISF, NIST, ISO, SANS).
• Work closely with IT functions and other departments to ensure change management principles are adopted where potential flaws or vulnerabilities are identified.
• Assess supply-chain security and third-party security, including performing security auditing and testing (e.g., CISA).
• Manage the response to security incidents.
• Maintain a data privacy overview of managed products.

Skills: Process Development, Gap Analysis, Standards Assessment, Executive Reporting, Security Architecture, Roadmap Implementation, Third-Party Security, Incident Management

• Develop an understanding of the organization’s current and forward-looking threat profile, using requirements to improve the Information Security Program across the enterprise and its subsidiaries.
• Support information security risk and compliance functions by implementing global security policies, standards, and controls across the organization.
• Support M&A activities by ensuring information security due diligence reviews are conducted, risks are identified, and mitigation plans are enacted with the appropriate teams.
• Implement and support a consistent Third-Party Information Security Assessment (TPISA) program across the enterprise and subsidiaries.
• Protect valuable information and maintain the confidentiality and integrity of data through expertise in security management, networks and protocols, data, and application security solutions.
• Stay current with industry trends and emerging risks.
• Direct risk analysis discussions with global business units.
• Provide expertise, guidance, and advice related to information security issues.
• Monitor and review regulatory updates and requirements such as GDPR, PCI, or SOX, and escalate findings as appropriate.
• Perform other relevant duties to support the business.

Skills: Threat Analysis, Risk Compliance, M&A Security, Third-Party Assessment, Data Protection, Emerging Risks, Regulatory Monitoring, Security Guidance

• Ensure local adoption of corporate cybersecurity framework activities, policies, procedures, and standards.
• Develop, implement, and maintain local information security procedures and standards to ensure compliance with the ISO 27001 program and own the local ISO 27001 audit program.
• Identify areas for improvement, supervise action definition, oversee implementation, and verify effectiveness.
• Perform risk assessment and remediation planning with local teams.
• Support local teams and procurement in vendor selection and third-party risk assessment (e.g., 3PL, distributor).
• Collaborate with the Security Operations Center (SOC) on local security issues.
• Engage with the Cybersecurity Incident Response Team in the event of security incidents.
• Provide information security training to collaborators.
• Connect with partners and authorities to strengthen security cooperation.
• Evaluate and implement requirements regarding information security from relevant authorities and laws.
• Advise the respective site or cluster on information security and IT safety requirements.
• Oversee cybersecurity responsibilities for go-to-market sites in assigned regions.

Skills: Cybersecurity Framework, ISO 27001, Continuous Improvement, Risk Assessment, Vendor Security, Incident Response, Security Training, Regulatory Compliance

• Define, scope, create, and execute IT and data security strategies to enhance the reliability and security of IT systems, projects, and organizational data.
• Oversee managers and teams, allocating resources to ensure delivery of secure and robust IT solutions that meet organizational requirements.
• Lead the planning and execution of vulnerability audits, penetration testing, and forensic IT audits and investigations, ensuring outputs strengthen IT security.
• Liaise with senior directors, the board, and other stakeholders, as well as managers, programmers, and IT security staff.
• Oversee the integration of new IT systems development with overall IT, data, and information security policies.
• Direct staff training in security awareness and ensure protocols, methodologies, and procedures are effectively implemented.
• Ensure compliance with relevant legislation and standards, including PCI DSS, PA DSS, Data Protection Act, ISO standards, and government regulations.
• Plan and manage budget allocations and financial forecasts for IT, data, and information security.
• Oversee staff development, recruitment, conflict resolution, redundancy, and termination processes.
• Manage relationships with partners, stakeholders, vendors, and third-party service providers.
• Supervise projects, budgets, and resources to ensure favorable returns on investments in staff, hardware, software, and services.

Skills: Security Strategy, Team Leadership, Security Audits, Stakeholder Liaison, Systems Integration, Security Training, Regulatory Compliance, Budget Management

• Participate in the design and manage the implementation of an Information Security Management System (ISMS) covering policies, procedures, operational considerations, IT change control, and IT risk and compliance management programs, including governance processes, audits, metrics, and reporting aligned with contractual, regulatory, and compliance requirements.
• Partner with Finance, Legal, Audit, and Compliance executives to support internal and external audits (SOX, COBIT, IT Controls).
• Support business unit and IT executives in prioritizing security initiatives and investments based on business risk, regulatory compliance, financial implications, and alignment with strategic objectives.
• Provide strategic and tactical security, risk mitigation, and regulatory compliance guidance for all IT projects, including evaluation of security policies, processes, procedures, and governance controls.
• Lead the development, implementation, and management of metrics to measure the efficiency and effectiveness of ISMS, risk management, and compliance programs.
• Drive the creation and execution of an enterprise information security and privacy training and awareness program.
• Ensure staff are knowledgeable about policies, best practices, and role-appropriate security and data privacy responsibilities.
• Oversee the tracking and resolution of audit findings and remediation activities, and support external and customer security audits.
• Develop and implement key metrics and KPIs, providing regular reporting on information security program maturity, risk posture, and regulatory compliance.
• Assist in overseeing the information security budget, staffing, and contracting objectives.

Skills: ISMS Management, Audit Support, Security Prioritization, Risk Guidance, Metrics Development, Awareness Training, Audit Remediation, Program Reporting

• Communicate the value of information technology security across all levels of organizational stakeholders.
• Advise senior leadership of changes affecting the organization’s cybersecurity posture, including shifts in risk levels and security posture.
• Collaborate as part of a geographically dispersed team to coordinate and execute cybersecurity inspections, tests, and reviews.
• Prepare, distribute, and maintain plans, instructions, guidance, and standard operating procedures for securing the operational environment.
• Communicate security and compliance issues to government leaders, Cybersecurity Operations, and A&A staff effectively and appropriately.
• Provide status reports to stakeholders, senior GDIT, and government personnel regarding cybersecurity metrics, results, key risk indicators, trends, and compliance.
• Oversee policy standards and implementation strategies to ensure procedures and guidelines comply with cybersecurity policies.
• Assure successful implementation and functionality of security requirements while maintaining information policies and procedures consistent with security baselines.
• Guide the cybersecurity team on approved remediation actions to ensure compliance with information security policy, regulatory, and contractual requirements.
• Assist in updating policies, procedures, and standards based on NIST 800-53 standards, best practices, and compliance requirements.
• Lead and align IT security priorities with the cybersecurity strategy, including interpreting and approving security requirements relative to new information technology capabilities.
• Participate in the acquisitions process, following DOD/USAF supply-chain risk management practices.

Skills: Security Communication, Leadership Advisory, Cybersecurity Reviews, Policy Development, Compliance Reporting, Risk Management, Team Guidance, Supply Chain Security

• Own the security strategy and roadmap in line with emerging threats and the changing landscape of IT and business services.
• Own client-facing security structures, including incident reporting, monitoring, and client risk alerts.
• Review, assess, and recommend actions for operational delivery services.
• Ensure adherence to security best practices and policies, embedding security into day-to-day thinking and practices across delivery.
• Work closely with the IT team to continually develop security systems and processes.
• Own proactive communication of appropriate threats to staff and stakeholders regularly to ensure information security is embedded within the group.
• Establish yourself as the go-to individual for all security questions relating to both client and supplier contracts.
• Partner with multiple projects and initiatives to apply security architecture requirements, develop solutions, integrate security into solution designs, assess risks of security gaps, and develop architecture remediation.
• Conduct annual security testing.
• Lead security initiatives and ensure their successful execution.

Skills: Security Strategy, Client Security, Service Review, Best Practices, Systems Development, Threat Communication, Security Architecture, Security Testing

• Manage a team responsible for the information security function, including IT security controls and architecture, information privacy, incident response and investigations, digital forensics, disaster recovery and business continuity, regulatory compliance, and communication and training for information security initiatives.
• Lead a small team in maintaining and implementing information security policies and procedures.
• Supervise the development, deployment, and execution of controls and defenses to ensure security and risk mitigation of company infrastructure, technology, and information systems.
• Identify security architecture, goals, objectives, and metrics, and analyze business needs and priorities for the protection of critical systems.
• Monitor security programs and assurance, including threat and vulnerability management, incident response management, and forensic investigations.
• Evaluate potential business impacts from security breaches and guide business decision-makers.
• Assist with the development and execution of security systems, compliance policies, and procedures.
• Select, develop, and evaluate personnel to ensure the efficient operation of the function.
• Manage the organisation’s ongoing information security programme to ensure continued alignment with best practices.
• Continually develop professional skills and experience, including networking with other organisations to share best practices.

Skills: Team Leadership, Policy Management, Risk Mitigation, Security Architecture, Incident Response, Threat Monitoring, Compliance Oversight, Staff Development

• Establish and own the ISMS and the plan for the organisation to achieve ISO 27001 within an agreed timescale.
• Produce and maintain documentation to support the organisation, including policies, procedures, and guidance for the ISMS.
• Ensure full security risk assessments are undertaken, maintain the risk register, and actively manage and treat risks.
• Develop and manage risk countermeasures and treatment plans.
• Act as a champion for improving information security processes within the organisation, working closely with Development, SaaS, Delivery, and corporate IT functions.
• Ensure designs, processes, and controls are appropriate while challenging existing practices.
• Implement an effective awareness and training programme for all relevant staff and monitor its quality and effectiveness.
• Report progress to senior management and other key stakeholders, ensuring a comprehensive status update and highlighting all issues, risks, and exposures in a timely and effective manner.
• Provide support and guidance to stakeholders, including management information on the ISMS status and progress towards certifications.
• Set and agree on security objectives for the organisation and monitor security performance, including timely investigation and communication of security incidents, and driving post-mortem activities.
• Liaise with external assessment bodies to ensure maintenance of the ISMS and certifications.
• Manage or participate in security reviews and report lessons learned as part of continuous process improvement.

Skills: ISMS Management, ISO 27001, Risk Assessment, Risk Treatment, Process Improvement, Security Awareness, Stakeholder Reporting, Certification Support

• Ensure compliance with legal and policy requirements in terms of information security.
• Perform internal security audits for daily IT operations regarding information security requirements.
• Create monthly and yearly management and compliance reports, and manage and track security KPIs.
• Cooperate with the IT team to review security targets and measure security control results.
• Develop and maintain a corporate information security awareness program, working with HR for security training.
• Ensure all security incidents are timely reported and properly managed.
• Manage third-party risks by collecting clients' security requirements, providing implementation support, and conducting vendor security risk assessments.
• Track and analyze security trends, combine insights with the company’s actual situation, and continuously improve the information security management system.
• Audit security in different systems and measure security KPIs, including firewalls and network control devices, security systems (anti-virus, patch systems, IDS, log systems), and applications (folders, application permissions).
• Push corrective actions based on inputs from monitoring systems, external audits, risk assessments, logs, and vulnerability scans.
• Work with ITBP to perform project security audits and provide summaries.

Skills: Regulatory Compliance, Security Audits, KPI Reporting, Awareness Training, Incident Management, Third-Party Risk, Trend Analysis, Corrective Actions

• Continuously assess company infrastructure and data to identify, manage, monitor, and mitigate risk.
• Continuously develop, implement, and update security policies, standards, guidelines, baselines, processes, and procedures in compliance with local, state, and federal regulations, client requirements, and internal standards.
• Manage the security configuration of network devices, servers, workstations, laptops, and mobile devices.
• Manage physical security elements such as alarm systems, access control systems, cameras, and keys.
• Provide security awareness training to all employees.
• Respond to security incidents and assist management in developing incident response plans and conducting tests of the same.
• Manage and configure disaster recovery and data backup systems.
• Assist management in disaster recovery and business continuity planning, and conduct tests of the same.
• Conduct information security reviews of current and potential vendors and suppliers, ensuring compliance with internal standards.
• Review, manage, and document all user access entitlements.
• Assist other IT staff in providing user support.
• Respond to all client information security audit requests.

Skills: Risk Management, Policy Development, Configuration Management, Physical Security, Awareness Training, Incident Response, Disaster Recovery, Vendor Reviews

• Lead a strong team of professionals assigned to major initiatives.
• Hire, train, administer salaries, manage performance, and take corrective actions for direct reports.
• Collaborate with team members on career development and goal setting.
• Assist in identifying IT security impacts and risks and help translate them into secure, viable technical solutions.
• Maintain up-to-date, detailed knowledge of the IT security industry, including awareness of new or improved security solutions, policies, processes, and procedures.
• Share knowledge and educate counterparts to mature the organization.
• Work with the team to identify and act on refactoring and upgrade opportunities that keep solutions running optimally.
• Ensure the team provides dependable and responsive support in conjunction with IT Operations.
• Define timelines for team goals as they align with overall organizational objectives.
• Ensure work being done by the team is jointly and regularly prioritized between the team, Program Management, and respective business partners.
• Monitor team performance in delivering according to the agile methodology and work with team members and agile coaches to improve processes, capabilities, and other opportunities to increase delivery velocity.
• Understand and stay up to date with the latest IT technologies, protective and detective controls, and standards such as the NIST Cybersecurity Framework, PCI, and Sarbanes-Oxley, while embedding those standards within the team in conjunction with technical architecture.

Skills: Team Leadership, Talent Management, Career Development, Risk Translation, Industry Knowledge, Knowledge Sharing, Agile Delivery, Standards Compliance

• Implement and maintain the organization’s information security strategy to meet internal and external requirements.
• Develop, implement, and monitor the information security program to deliver against the strategy and ensure the integrity, confidentiality, and availability of sensitive information used in the company.
• Play a leading role in ensuring that products and services using sensitive data, particularly health data, comply with requirements such as HIPAA, GDPR, and medical device regulations.
• Report to the Executive Team and the Board on progress against the information security strategy, information security risks, and current information security posture.
• Oversee and support the operation, maintenance, and improvement of the information security management system, its ISO 27001 certification process, and any additional information security certification or compliance processes.
• Be responsible for the information security risk management framework, business continuity plans, internal audits, supplier security assessments, and project and supplier security assessments.
• Oversee and support the information security incident response process and act as a point of internal and external escalation.
• Own and maintain relevant information security policies, technical standards, and assurance to ensure that security is built in and maintained across the organization’s cloud infrastructure and software development.
• Facilitate security-related external audits from partners, customers, and regulators.
• Embed a culture of information security across the organization through engaging training and communication programs.

Skills: Security Strategy, Program Management, Regulatory Compliance, Board Reporting, ISMS Management, Risk Framework, Incident Response, Security Culture

• Manage the day-to-day operations of security tools, processes, and vendors responsible for providing perimeter, application, network, and cloud security, including Firewalls, Proxies, Antivirus, SIEM, Network Access Control, Email Gateway, IDS/IPS, DAST/SAST, Privileged Access Management, Data Loss Prevention, Penetration Testing, Vulnerability Management, and Disaster Recovery.
• Deploy, configure, and mature security tools and processes.
• Lead incident response activities, coordinating with internal and external technical teams and providing on-call support.
• Manage an internal technical team as well as an external SOC.
• Lead and coordinate the investigation and remediation of monitoring alerts.
• Drive and oversee the development of playbooks and standard operating procedures for incident response, security tools, and processes.
• Serve as the Subject Matter Expert for network security and security operations while providing expertise and guidance to internal and external IT team members.
• Serve as the Project Manager for technical security operations projects, implementing new security technologies and maintaining existing technologies.
• Maintain a current understanding of the cybersecurity threat landscape.
• Identify and evaluate security gaps and translate them into functional specifications to reduce risk.
• Review alignment of security controls to policies, frameworks, and regulations, and provide roadmaps to meet compliance.
• Lead and deliver security operations reporting and metrics, including KPIs and KRIs.
• Execute tasks as a member of the Information Security team as assigned by management.

Skills: Security Operations, Tool Management, Incident Response, SOC Management, Threat Investigation, Network Security, Project Management, Compliance Alignment

• Create and maintain a comprehensive understanding of global cybersecurity risks and market requirements, including regulations and standards.
• Cooperate in the definition, development, and implementation of group-level cybersecurity initiatives, policies, standards, and guidelines.
• Support the implementation of the cybersecurity strategy for IoT solutions of the Motion Services Division.
• Define the IoT cybersecurity roadmap in collaboration with IS and other divisions.
• Estimate the impact of cyber threats on financial, productivity, safety, and security for an organization.
• Provide the required level of cybersecurity for offering, required standards to fulfill, threat modeling, and threat assessments.
• Support and participate in security reviews, assessment reviews, and threat analysis.
• Fulfill the tasks needed to receive and maintain security certificates.
• Actively contribute to identifying, managing, and reducing cybersecurity risks.
• Drive internal cybersecurity assessments and product security clearance.
• Manage risks effectively across the organization.
• Detect and monitor threats to organizational assets.

Skills: Cyber Risk Analysis, Policy Development, IoT Security, Cybersecurity Roadmap, Threat Assessment, Security Reviews, Certification Support, Risk Management

• Manage vulnerabilities to reduce exposure.
• Oversee identity and access management processes.
• Defend the assets of the organization via the implementation of security policies, processes, technology, and controls.
• Oversee that employees are being educated on the importance of information security.
• Ensure compliance with information security and data privacy regulations.
• Oversee internal and external information security audits.
• Maintain and lead further development of the Information Security Management System (ISMS) according to ISO 27001.
• Monitor trends, legal requirements, and standards in information security and steer the implementation in collaboration with other parts of the organization.
• Stay sensitive to future technologies and trends related to cybersecurity and information security.
• Share internal awareness and knowledge through security training programs.
• Act as an expert speaking partner for customers on cybersecurity and information security topics.
• Guide and train other product managers in cybersecurity requirements.

Skills: Vulnerability Management, Access Control, Asset Protection, Security Awareness, Regulatory Compliance, Security Audits, ISMS Management, Customer Advisory

• Professional experience in risk management, information security, and IT.
• Professional security management certification, like CRISC, CISSP, CISM, ISO27001 lead implementer, or similar.
• Strong analytical skills and competence for problem-solving.
• Experience in creating or maintaining an ISMS.
• Expertise in IT Security controls like Anti-Malware, Firewall, SIEM, Authentication, Encryption, and Patching.
• Knowledge of securing AWS, Azure, or hybrid environments, including container security and DevSecOps practices.
• Hands-on experience in security incident handling, root-cause analysis, and digital forensics.
• Experience in creating initiatives to raise organizational security culture and influence secure behavior across teams.
• Ability to assess, monitor, and mitigate risks associated with vendors and external partners.
• Experience designing or supporting resilience strategies, ensuring continuity during disruptions.
• Good verbal and written communication skills on different management levels.
• Fluent language skills in English and German.

Qualifications: BS in Computer Engineering with 8 years of Experience

• Experience working in Cyber Security, IT Operations, and Incident Management.
• Experience in managing and developing a small security team.
• Ability to distil technical reports quickly and accurately for consumption by non-technical audiences.
• Have CompTIA Security +, CISMP, SSCP, or equivalent certification and are working towards either CISSP, CISM, CSX-P, or equivalent.
• Understanding of the Cyber Kill Chain, MITRE ATT&CK, and other information security defence and intelligence frameworks.
• Working knowledge of Microsoft Azure technologies, GDPR, SOX, and ISO27001 and SOC type 2 reports.
• Excellent attention to detail.
• Confidence to question and challenge.
• Strong prioritization and time management skills.
• Good negotiation skills, finding a middle ground with stakeholders when security requirements compete with business or operational needs.
• Can remain calm and effective during sustained pressure from incidents, audits, or regulatory deadlines.
• Able to build trust with executives, auditors, and business units to gain support for security initiatives.

Qualifications: BS in Software Engineering with 6 years of Experience

• Knowledge and understanding of Financial Services regulatory/compliance requirements in information security.
• Wide and broad knowledge of Information Security.
• Experience working in information security management and/or related functions in financial services.
• Must have experience working within Project Delivery or Project Assurance.
• Experience in mentoring or managing an Information Security team or part of a team.
• Experience working with multiple and diverse projects.
• Strong risk assessment/risk management skills.
• Security experience, including information security management, physical security, application security, network security, and security incident management.
• Good stakeholder management skills, with an ability to understand and communicate technical details to a non-technical audience.
• Good problem-solving skills, undertaking very complex tasks, including analytical thinking, and developing highly innovative solutions.
• Understanding of how to apply Information Security best practices to large-scale enterprise environments.
• Good technical knowledge of the security impact on established and up-and-coming technologies.
• Key understanding of working in a Digital business and the impact on information security.

Qualifications: BS in Systems Engineering with 10 years of Experience

• Working knowledge and/or certification in Operating Systems/Networks/Security/Infrastructure/Data Protection/Audit.
• Some scripting and programming skills, with good experience.
• Hold ITIL Foundation/Practitioner and higher certifications.
• Understanding of the Country IT role and the Country IT field of responsibility.
• Knowledge of DPDHL IT environment and Country IT management
• Familiar with international security standards such as ISO/IEC 27001.
• Proficient in Information Security Architecture and Design principles.
• Proficient in operating systems security (in particular, the MS Windows family and Linux server OSes).
• Proficient in risk assessment, threat and vulnerability assessment, or penetration testing methodologies.
• Proficient in information security incident response management.
• Familiar with information security-related project implementation.
• Aware of Data Protection Acts (i.e., EU DPA/GDPR or MY PDPA), and IT Service Management (Country ITM) best practices, especially the ITIL framework.
• Familiar with IT and, in particular, Information Security industry service and technology offerings.
• Familiar with security threats relevant to particular regions, countries, or language groups.

Qualifications: BS in Cybersecurity with 9 years of Experience

• Experience as an Information Security Professional with a technical background, managing an ISMS or parts of it.
• Extensive knowledge of financial services and governmental laws in this region, and the specific expectations of those auditors.
• Experience creating ISMS documents with a firm understanding of their impact on the organization, especially developers.
• A deep understanding of how information security assurance works in practice, to optimize and simplify its application.
• Experience with industry standards for information security and understanding its underlying principles and reasoning.
• Good written and spoken English and German.
• Hands-on experience conducting internal audits, preparing for external audits, and driving remediation activities.
• Experience in designing and delivering training to improve employee security practices and reduce human error.
• Ability to break down complex security problems and identify practical solutions, with high attention to detail.
• Strong time management and prioritization skills, balancing multiple projects, deadlines, and regulatory requirements efficiently.
• Adapt communication style for international teams and diverse stakeholders.

Qualifications: BS in Information Technology with 5 years of Experience

• Information and/or Cybersecurity experience, preferably within banking or financial services
• Hold technical certifications, such as CISSP, CEH, CISM, GCIH, or GCFE.
• Demonstrated knowledge and experience with cybersecurity and risk frameworks and standards, including NIST CSF, NIST RMF, CoBIT, OWASP, NIST, MITRE, etc.
• Strong working knowledge of information security and technology risk assessment tools and methods.
• Experience designing secure networks, systems, and applications.
• Knowledge of cloud security and technologies, preferably FedRAMP.
• Experience developing security documentation, such as business continuity plan (BCP), business impact analysis (BIA), disaster recovery plans (DRP), and system plans.
• Experience planning, researching, and developing security policies, standards, and procedures.
• Professional experience in a system administration role supporting multiple platforms and applications.
• Ability to analyze complex threats or incidents quickly and identify effective, practical solutions.
• Confident to make sound, time-sensitive security decisions during incidents or crises.
• Skills in breaking down technical concepts for non-technical stakeholders and fostering a security-first culture.

Qualifications: BS in Computer Science with 7 years of Experience

• Experience leading a team of subject matter experts and ensuring their ongoing retention and development.
• Working knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical, and project plans.
• A proven track record in directing and leading operations/information security teams.
• Confirmed technical background and experience in leading and delivering security capability to a large-scale organisation.
• Experience with the management of a Security Operations Centre and tooling relevant to an enterprise-scaled network.
• Can show an appreciation for the needs of statutory, regulatory, and voluntary conditions and can associate such needs with effective security controls.
• Able to conduct a detailed assessment of risk within an OT enterprise, defining strategies for mitigating risk and ensuring such strategies are recorded, effective, and understood by their stakeholders.
• Strong analytical skills to analyse security requirements and relate them to appropriate security controls.
• Strong leadership skills with exceptional communication and presence.
• Ability to collaborate with high-performing teams and individuals throughout the firm to accomplish common goals.
• Comfortable working in rapidly changing regulatory and technological environments, adjusting strategies to emerging threats or shifting priorities.

Qualifications: BS in Network Security with 11 years of Experience

• Relevant information security and risk management certifications (e.g., CISSP, CISA, CISM, CRISC, CGEIT, SABSA).
• Knowledge of other Information Security and Risk frameworks (COBIT 5, NIST Cybersecurity Framework).
• Experience in the design and implementation of risk management frameworks, systems, and processes (preferably in a fast-paced, dynamic, and technology-led company).
• Knowledge of "Cloud" models and risks associated with the use of cloud services.
• Experience with Identity and Access Management processes, tools, and best practices.
• Experience in Information Security Incident Response processes and best practices.
• Experience providing advice and expertise to executive management teams
• Experience providing risk management methodology advice in areas of complexity and ambiguity, and facilitating risk workshops.
• Awareness of the various Government Privacy and Security Programmes and their impact on risk management, and how they impact some of citizenM’s clients
• Demonstrate the drive and ability to improve their own capability with good self-awareness and a focus on self-improvement, with the ability to wrap meaningful KPIs on outcomes to measure success
• Show the drive and resilience to contribute proactively and deliver sustainable high performance, and can work effectively independently and with colleagues.
• Ability to build, maintain, and leverage relationships with key internal and external contacts.
• Strong planning and organising skills, with good written and verbal skills.
• Solid qualitative and quantitative analytical skills, including good judgment and decision-making skills.

Qualifications: BS in Data Science with 10 years of Experience

• Experience in Technology and preferably within the finance sector, and management experience.
• Experience working in a matrix management model across globally diverse virtual teams to deliver strategic initiatives.
• Ability to define and manage roadmaps across a large portfolio, milestones, and associated deliverables.
• Understanding of the financial/budgetary impact of technical decisions.
• Advanced knowledge of multiple IT control and project management practices, and experience working across large environments.
• Expertise in application and infrastructure high-availability and resiliency architectures with demonstrated experience in business.
• Proficiency in information security domains, including policies and standards, risk and control assessments, access controls, regulatory compliance, technology resiliency, risk and control governance and metrics, incident management, secure systems development lifecycle, vulnerability management, and data protection.
• Ability to collaborate with high-performing teams and individuals throughout the firm to accomplish common goals.
• Strong leadership skills with exceptional communication and presence.
• Ability to see the bigger picture, align technology initiatives with business objectives, and anticipate long-term industry trends.
• Skill in guiding teams and stakeholders through organizational, process, and technological transformations smoothly.
• Capable of addressing disagreements constructively, ensuring progress continues without damaging relationships.

Qualifications: BS in Information Systems with 13 years of Experience

• Relevant experience in an Information Security role where gaining wide experience of cyber/information security risk management practices.
• Good understanding of ISO27001 and NIST frameworks and their associated security controls.
• Experience in implementing and/or supporting these frameworks within an organization.
• Knowledge of security best practices with relation to applications, network, and client setups.
• Exposure to secure development lifecycles and principles.
• A technical background and familiarity with security tools, hardware, software, and networking systems.
• Excellent stakeholder management and communication skills, and comfortable working with stakeholders at all levels of seniority.
• A proactive approach with an analytical mind, and able to analyze data and suggest practical improvements to reduce risk.
• Any recognized security qualifications, e.g., CISSP/CISM.
• Proven track record of upholding workplace safety and ability to abide by health, safety, drug/alcohol, and harassment policies.
• Experience assessing and managing vendor/supplier security risks, including due diligence, contract reviews, and ongoing monitoring.

Qualifications: BS in Cloud Computing with 4 years of Experience

• Experience working in information security, holding at least one security certification like CISSP, CISA, or CISM.
• Experience in Information Security Practice and working knowledge of ISO 27001:2013 standards.
• Good understanding of IT and network security concepts.
• Knowledge of various International Regulatory Laws and regulations applicable across geographies (e.g., GLBA, HIPAA, DPA, PCI DSS, etc.).
• Experience working in Internal/External Audits.
• Hands-on involvement in detecting, investigating, and remediating security incidents.
• Ability to design, implement, and oversee risk management frameworks beyond just audits and compliance.
• Practical knowledge of securing cloud platforms (AWS, Azure, GCP), including identity management, monitoring, and compliance in hybrid environments.
• Excellent verbal and written communication skills.
• Good report writing skills.
• Process-driven and have an eye for detail.
• Good interpersonal skills, self-motivated, willingness to take on challenges, and adaptability to change.

Qualifications: BS in Management Information Systems with 6 years of Experience

• Professional experience with management experience.
• Experience in managing security tools and performing vulnerability and compliance scanning.
• Experience with Linux and Windows operating systems, Cloud technologies, Network devices, Databases, etc.
• Solid understanding of deploying and maintaining tools.
• Knowledge in scripting languages, including Python, Bash, PowerShell, and Regex.
• Experience leading projects and initiatives.
• Possess certifications such as CISSP/CISM/GSLC, AWS/GCP/Azure.
• Excellent critical thinking and problem-solving skills.
• Strong verbal and written communication skills.
• An ability to coach and motivate staff.
• Can provide innovative solutions and take on new challenges.
• Must be detail-oriented.

Qualifications: BS in Digital Forensics with 7 years of Experience

• Work experience in Information Technology or Cybersecurity.
• Experience in (co-)developing and (co-)leading a comprehensive Enterprise Information Security Program.
• Network security, Cloud Security (Azure), and Infrastructure technical expertise.
• Experience working with HR, legal, audit, and compliance staff.
• Familiarity with applicable legal and regulatory requirements, any combination of the following: PCI DSS, NIST SP 800, NIST SP 800-171, CMMC, GDPR, CCPA/CPRA.
• Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical, and project plans.
• Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
• A deep understanding of operating systems and network protocols.
• Expertise in system technology security testing (vulnerability scanning, patching/upgrading, and penetration testing).
• Expertise with the design and execution of a formal Incident Response Process, DR, and Business Continuity process.
• Experience with developing and monitoring security KPIs, as well as measuring the efficiency and effectiveness of security controls
• Ability to keep the organization up to date with the development of the global cyber threat landscape.
• Ability to build a cybersecurity culture in the organization.

Qualifications: BS in Software Development with 10 years of Experience

• Track record of successfully establishing and maintaining a security framework against ISO27001.
• Strong ability to clearly articulate risks and controls, and build strong relationships with peers to achieve security objectives.
• Knowledge of cloud technologies, services, and agile security practices such as DevSecOps, Kubernetes, Amazon AWS, etc.
• Hands-on experience using security monitoring tools (Panaseer, Wiz.io, Amazon Security Hub, etc.).
• Experience in undergoing security audits and managing responses to security questions from internal and external stakeholders.
• Relevant qualifications, such as CISSP, CISM, ISO270001 Lead Implementor/Auditor.
• Ability to design secure enterprise architectures and embed security principles into system and application design from the ground up.
• Practical involvement in detecting, investigating, and containing threats, as well as performing forensic analysis and red/blue team collaboration.
• Proven ability to design and drive organization-wide awareness programs to build a strong security culture.
• Excellent communication skills, including the ability to create clear documentation and presentations to convey complex issues at varying levels across technical and non-technical teams.

Qualifications: BS in Security and Risk Analysis with 6 years of Experience

• Broad knowledge of a wide range of Information Technology systems and a deep understanding of the inherent security risks associated with these technologies.
• Extensive experience implementing/maintaining ISO27001 and managing external audits.
• Must be comfortable performing regular internal audits.
• Demonstrable experience in building relationships across the organisation to develop buy-in to InfoSec matters.
• An understanding of InfoSec best practices and approaches, such as OWASP.
• Professional certification (CISSP/CISM/ISO 27001 Lead implementer or similar).
• Dedicated to the security discipline but pragmatic and adaptable, with the tenacity to get things done.
• Excellent communicator with the ability to present security topics to a non-technical audience and present the business value of security.
• Must have a reasonable approach to balancing business objectives with information security.
• Well organised, focused, with a strong attention to detail.
• Must be self-starting, able to define and drive deliverables through to completion.

Qualifications: BS in Computer Information Systems with 9 years of Experience

• A proven ability in Information Security.
• Experience with Management Systems and Business Process Management, in particular the ISO 27000 family of standards.
• Knowledge of regional and local laws, regulations regarding cybersecurity.
• Practical experience securing cloud platforms (AWS, Azure, GCP) and knowledge of risks in areas like IoT, AI, and OT/ICS environments.
• Hands-on experience leading security incident investigations, forensics, and business continuity/disaster recovery planning.
• Ability to conduct structured risk assessments, apply threat modeling methodologies, and align mitigation strategies with business priorities.
• Good communication skills, articulate, and comfortable working in a highly regulated and complex matrix organization.
• Excellent analytical and presentation skills.
• Good interpersonal skills and culturally sensitive.
• Go-to demeanor, resilient, well-organized, and resourceful.
• Excellent English and German language skills, and/or skills in the Slavic languages (Polish, Russian).
• Hold certification in InfoSec Security, e.g., CISSP, ISO27001 Lead Auditor.

Qualifications: BS in Computational Science with 7 years of Experience

• Proven experience as an Information Security Manager or in a senior information security role.
• Professional certifications such as CISSP and/or CISM (or actively working towards achieving these).
• Strong knowledge and practical experience with ISO27001 (preferably Implementer or Auditor certification).
• Working knowledge or awareness of PCI DSS and NIST frameworks.
• Understanding of FSCA regulations and the financial services industry.
• Experience managing outsourced service providers and third-party security relationships.
• Strong technical knowledge with the ability to translate complex technical risks into clear, business-friendly language for stakeholders at all levels.
• Demonstrated ability to remain current with emerging information security standards, threats, and technologies.
• Excellent written and verbal communication skills, persuasive and confident when engaging with senior stakeholders.
• Proven track record of working within private sector organisations.
• Experience driving continuous improvement initiatives within security programs.
• Knowledge of cloud infrastructure security.

Qualifications: BS in Computer Networks with 10 years of Experience

• Progressively responsible experience in the design, implementation, and management of Information Security Shared services for a global corporation (Fortune 500).
• Experience managing functional business and technical teams in a large and complex environment to deliver related capabilities and services.
• Demonstrated success in managing an Information Security Framework, solution, and service for a cross-functional corporation.
• Extensive experience with Healthcare regulatory and information security guidelines, audits, as well as external audit processes and requirements.
• Demonstrated successful implementation of security control frameworks and standards such as ISO 27001, ISO 17799, COBIT, ITIL, NIST, and PCI.
• Certification in Information Security relevant areas, such as CISA, CISM, CISSP, and/or equivalent business experience in a matrix Organization.
• Directly applicable International/Global Experience.
• Excellent understanding of IT Security and Risk Management, strategic planning, and the related tactical initiatives needed to achieve the plan.
• An understanding of financial management and departmental budgeting.
• Ability to effectively present, manage conflicts, and interact at Senior Executive levels (CEO, CIO, CFO, and Controller) and resolve critical and sensitive issues with external partners and customers.
• Ability to meet objectives, deliver quality results in a high-performance environment.
• Skilled in interacting and mediating sensitive situations at all levels of the organization and with external customers and auditors.
• Good business and financial planning, analytical, and conceptual skills to evaluate business risks and apply knowledge to identify appropriate solutions.
• Solid project management skills, including the ability to effectively deploy resources and manage multiple projects of various diverse scopes in a matrix and cross-functional environment.
• Solid knowledge of information security principles and practices.
• Excellent interpersonal, communication, and collaboration skills to successfully interact and influence employees and key business partners, and providers at all levels.

Qualifications: BS in Software Systems with 13 years of Experience

• Familiarity with the NIST 800.53, NIST 800.171, CMMC, NIST Cyber Security Framework, and SOX ITGC control framework, assessing and testing different aspects of Information Security and SOX ITGC controls.
• In-depth knowledge of IS frameworks, NIST Cyber Security Framework (CSF), NIST 800-53, 800-171, and Cybersecurity Maturity Model Certification (CMMC), as well as business process controls and risks.
• Hands-on experience in implementing risk-based compliance programs in IS, Privacy, and SOX areas.
• Big 4 IT Audit background or Fortune 100 companies (with SAP ERP) experience.
• Understanding of IT control frameworks and standards, such as COBIT.
• Experience in performing and leading IT general computing controls, risk/SOX/compliance processes.
• Broad knowledge of IT infrastructure and architecture of computer systems, as well as exposure to a variety of platforms such as operating systems, networks, databases, and ERP systems.
• Experience with SAP’s ECC, BW, SCM, PI/PO, TM, and BOBJ applications and services.
• Experience with project management, proven experience in navigating complex organizations, creative problem-solving, and effective relationship management.
• Ability to translate complex technical topics into easy-to-understand concepts and the ability to manage escalations and communications.
• Good verbal and written communication skills with the ability to effectively communicate with peers and executive leadership.
• Strong leadership and time management skills, specific skills include facilitating change, driving operational excellence, and striving for continuous improvement.
• Hold one or more of the following: CISA, CISM, CISSP, or CIA.

Qualifications: BS in Computer Forensics with 9 years of Experience

• Cybersecurity-related work experience and have worked in consulting companies and multinational companies, with CISSP, CISM, and other relevant network security certification qualifications.
• Familiar with and understand various domestic and foreign cybersecurity laws and regulations and related industry regulatory requirements, such as ISO27001, NIST CSF, GDPR, "Cyber Security Law", "Data Security Law", etc.
• Actual risk management experience, be able to independently complete risk impact analysis, formulate appropriate treatment plans, and improve the efficiency of risk management.
• Practical experience in framework governance, including the formulation of policies, regulations, and standard processes.
• First-hand experience in the classification and classification of information assets and the deployment and implementation of data leakage prevention programs.
• Actual supplier safety management and application safety assessment and management experience.
• Practical experience in data protection and privacy assessment.
• Actual cloud security assessment and operation and maintenance experience based on landing zone (Alibaba Cloud, Amazon Cloud, Microsoft Azure Cloud, Huawei Cloud).
• Understanding of emergency incident response procedures, business continuity plans, disaster recovery plans, and drills.
• Understanding of the operation mode of the management security operations center.
• Understanding of common security processes, methods, and tools, such as penetration testing and code scanning.
• Good English communication, written presentation, and report writing skills.
• Strong organization and time management skills, able to set priorities and complete multiple complex projects within tight deadlines.
• Good interpersonal skills and the ability to work effectively in a team.

Qualifications: BS in Information Technology with 12 years of Experience