Information & Cyber Security Manager - Governance and Risk (f/m)
This function transforms the strategic requirements into processes at group level and develops metrics for ongoing performance measurement and reporting.
The Information Security Governance and Risk Manager leads and participates in the conceptual design and the management of Information & Cyber Security processes and tasks including the definition, maintenance and tracking of security regulations, risk management, definition of mitigating measures, awareness, etc. within RBI Group.
What you can expect:
- Develop and maintain group security regulations (policies and standards) according to established security standards (e.g. ISO 2700x, COBIT, etc.)
- Collaborate in defining methodologies for risk identification, evaluation and treatment
- Conduct security risk assessments and compliance checks to identify the effectiveness of controls and the derived risk status within RBI Group
- Ensure that the Information & Cyber Security program is in compliance with internal and external regulations
- Analyze and evaluate risks of security-relevant changes in projects or run-the-bank operations as well as identify vulnerabilities/security risks and draw up proposals for improvements and/or initiate countermeasures
- Participate in security projects (as business representative for Information & Cyber Security management)
- Consult business and IT functions in non-security projects regarding information & cyber security risks and the definition of adequate measures
- Advise local Information & Cyber Security managers of RBI network units on the implementation of group security policies/standards/guidelines and the effectiveness of security measures
- Maintain relationships with key partners within the business units as well as in the Second Line of Defense units
- Foster a culture that promotes Information & Cyber Security within RBI Group and act as a bridge builder in areas of conflicts
- Support establishment and maintenance of group-wide security services including cost, contract and vendor management
- Research, evaluate and recommend evolving Information & Cyber Security topics including upcoming regulatory requirements and develop business cases for investments
- Collaborate in security awareness concepts and design of adequate security trainings within the Group and in the Head Office
What you bring to the table:
- Expert knowledge and experience in Information & Cyber Security Management with regard to processes, concepts, methodologies, technologies and products
- A master's degree in security/engineering, computer science or business information systems or adequate practical experience
- Knowledge of principles used to manage risks related to the use, processing, storage, and transmission of information or data
- Knowledge and experience in project management principles and techniques
- Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g. application of defense-in-depth)
- Knowledge of incident response and handling methodologies
- Knowledge and interest in new and emerging IT and cybersecurity technologies
- Practical experience in IT security in large enterprises
- Strong coordination and excellent communication and presentation skills within an international environment
- Ability for independent decision-making and issue resolution
- Strong team orientation
- Excellent command of written and spoken English, German is an asset
- Vendor-independent security certifications (e.g. CISA, CRISC, CISSP...) are an asset
- Experience in a large international banking environment is an asset
What we offer:
- You’ll work in an international team at a leading bank
- You’ll benefit from flexible working arrangements and determine your own work-life balance
- You’ll benefit from the very latest in tailored professional development
- You’ll earn an appropriate salary starting at gross EUR 46,500.00 p.a. excluding overtime
RBI AG is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ethnicity, race or color, national origin, religion, political or other opinion, sex, sexual orientation or disability.