I am partnered with a Global organisation with HQ in Hamburg who are looking for a leader in Information Security Management Systems (ISMS) and compliance for cloud environments, including AWS and Azure, as well as software development processes.
The responsibilities of the role can be seen below:
-Develop and implement a Governance, Risk, and Compliance (GRC) strategy for cloud services and agile software development.
-Collaborate with architects to define security controls and processes, ensuring compliance and trust in the cloud environment and DevOps processes.
-Support the creation of an efficient, automated ISMS and DevSecOps process, fostering compliant standard solutions.
-Identify external/regulatory requirements and work with business, Data Protection Officers, and Legal to translate them into ISMS policies and controls.
-Manage compliance with external requirements and industry standards such as ISO 27001, TISAX, SOC2.
-Educate and empower architects and developers on Information & Cyber Security Risks, regulations, and compliance.
-Collaborate across CISO, IT, and Business departments to ensure organization-wide compliance and effective risk management.
-Stay abreast of the latest information and cyber security trends and threats, providing recommendations for improvement.
-Establish and maintain relationships with auditors, vendors, and industry experts for compliance and continuous improvement.
-Manage information security policy violations with the support of ISMS and IS risk specialists.
-Extensive experience in information & cyber security GRC or architecture roles.
-Strong knowledge of information security principles, frameworks, and best practices.
-Familiarity with current cloud architectures, security, and AWS/Azure solutions.
-Understanding of microservices, serverless architectures, and containerization technologies.
-Experience with agile development frameworks (SAFe, KANBAN, SCRUM) and project management.
-Strong analytical and problem-solving skills with attention to detail.
-Excellent communication, presentation, and training abilities for both technical and non-technical stakeholders.
-Familiarity with regulatory requirements and industry standards related to information security and data privacy.
-Collaborative mindset with experience working across Legal, DPO, Risk & Control, Audit, and Procurement teams.
-Experience in large international organizations and handling enterprise-level projects.
-Certifications such as CISSP, CISA, CRISC, IT/Security Vendor Certifications, ISO27001 Lead Auditor, or similar are a bonus.
-Fluency in written and spoken English.
Lots of benefits included within this company which I would be happy to share upon request. Please submit your application and I will get in touch to discuss further.
I am partnered with a specialist Cyber Defense managed services company who are looking for a Security Engineer to use your expertise in the firewall environment to play a pivotal role in shaping the landscape of Managed Security Services.
- Collaborate on the planning, design, and implementation of security measures within the firewall environment, emphasizing expertise in vendors such as Palo Alto (knowledge of Fortinet is advantageous).
- Engage in technical consulting to enhance customer security environments.
- Operate and support security solutions related to network and endpoint protection, working with manufacturers such as Vectra and Cybereason.
- Manage and support data loss prevention using Forcepoint.
- Conduct performance monitoring and analyze, classify, and eliminate faults.
- Create and update use cases and documentation.
- Contribute to the co-design and ongoing development of managed security services and processes.
- Ensure service quality in support, independently handling operational administration tasks in line with ITIL.
- Completed technical studies or comparable training in computer science, with an ideal focus on network and/or IT security.
- Theoretical and practical knowledge of network, routing, and security protocols, along with operating systems (Linux, Windows).
- Solid understanding of IT security systems operation, including FW, UTM, proxy, IPS, VPN.
- Strong analytical and communication skills, coupled with a structured approach to error analysis and troubleshooting.
- Team-oriented, service-oriented, and a passion for innovation.
- Very good knowledge of English; proficiency in German is a plus.
What We Offer:
- A dynamic work environment with diverse responsibilities and meaningful tasks.
- A highly motivated team, characterized by flat hierarchies and an informal corporate culture.
- Structured onboarding tailored to your needs.
- Intriguing and individually designed opportunities for professional development.
- Competitive remuneration based on your experience and expertise.
- A wide range of benefits, including shopping discounts, company bikes, employee events, small gifts on special occasions, unpaid vacation, energy boosters in the office, and more.