Chief Information Security Officer (all genders)

As Chief Information Security Officer, you will report directly to the group’s Chief Security Officer and lead the company Information Security Office, an emerging organization of about 60 FTE.

You set the future vision for a comprehensive digital and non-digital information security strategy. You are responsible for shaping and managing the global information security landscape and process.

You serve as a strategic advisor on security, compliance, and risks in all company data, IT, and OT activities and projects.

You define the group-wide policies in line with industry best practices, applicable laws and regulations. Internally and towards third parties, you proactively conduct, follow-up and report to senior management and executive board members on risk and threat analyses ensuring protection of the company and compliance with information security policies.

You interact with, coordinate and drive information security related topics and projects with cross-functional interface partners.

You engage with business stakeholders to identify acceptable levels of risk and to raise awareness of risk management concerns.

With your team you provide central security services to all sectors, support business projects in following the security processes and achieving their security objectives, drive the information security risk management processes, measure and report on information security, detect and manage vulnerabilities and incidents, and provide security awareness and trainings.

Key Responsibilities : You are the trusted advisor and in-depth investigator on all security related topics and act as trusted interface with the whole security ecosystem of the company.

You manage the corporate-wide information security management program and serve as the process owner of all central security activities related to the availability, integrity, and confidentiality of information assets and define the company's information security policies.

You set priorities for the global information security program which are mission-critical for the company.You regularly report on the status of the information security program to the group CSO, CIO, sector management, sector manufacturing heads and executive boardYou interact with cross-functional stakeholders to ensure the consistent application of policies and standards across all relevant projects, systems, and servicesYou develop, implement, and monitor a strategic and comprehensive information security risk management program, in line with the corporate risk management framework.

You design prevention programs for threats and exposures.You provide leadership to the information security organization and guide it to ensure consistent, high-quality information security management supporting business goalsYou influence relevant stakeholders in a matrix organization to significantly drive information security topics and raise awareness of risk management concerns.

You contribute to current knowledge and create a future vision for structure, people, processes and technology to ensure data and system security.

You engage and represent the company central information security function in external committees and networks, towards government and law enforcement authorities.

You support the organization in preparation on how to respond to information security incidents, and guide the Corporate Crisis Management Team in an actual crisis with the technical expertise.

Who you are : Master’s degree in Computer Science, Engineering or equivalent, PhD is a plus10+ years of experience in IT, OT, risk management, information security, and compliance in a global environment.

5+ years Team leadership experience in a multinational environmentInformation security certifications in CISSP, CISM, relevant ISO certification, Sarbanes-Oxley, Data Privacy laws, or PCI is a must.

Black Belt in Lean and Six Sigma is a plus.Broad knowledge of industry cybersecurity standards and trends, and global frameworks, such as ISO / IEC 27001, NIST, CoBiT, IEC 62443, etc.

Experience in incident response, data, application, and infrastructure vulnerability management.Interest and knowledge in emerging technology, changes, and innovations in information security.

Excellent verbal and written communication skills in English (German is a plus).