LISO Manager

3 weeks ago


Milton Keynes, United Kingdom | GEA | Full time

Responsibilities / Tasks

Responsible for the operational implementation and control of the local ISMS

Responsible for implementation and application of information security requirements at local level

Advises the site manager on information security issues

Based on the global definitions, provides professional support to the respective local process owners with information and asset inventory and classification within the respective business process, with the identification and evaluation of security risks, and with the definition and monitoring of security measures

Ensures information security integration in the local processes

Responsible for awareness and training campaigns at the local level and ensures that the majority of employees demonstrably participate

Responsible for handling local information security incidents

Identifies all relevant local processes that are covered by the scope of the ISMS and their respective process owners

Ensures that the respective local process owners are informed about the relevant policies

Engages/assigns the respective local process owner to perform an analysis to define the appropriate level of protection needs

Supports the local process owner regarding the design and documentation of information security measures within the respective processes and facilitates appropriate evidence documents with the process owner to prove the operating effectiveness of the respective security controls

Ensures that the respective process owners are identified. The process owners report all assets, systems and applications (e.g. systems, applications, processes and underlying infrastructure) that are necessary to perform the respective processes

Assigns all identified risks to a respective risk owner and ensures that the respective risk owner commits to the role and its corresponding tasks

Supports the risk owner regarding the design of appropriate countermeasures

The risk owner reports the progress of the risk treatment to the LISO and the LISO consolidates the respective reports

Identifies all relevant asset owners who are responsible for the assets and applications supporting the processes in the scope of the ISMS

Ensures that the respective asset owners are informed regarding the relevant specific policies

Instructs the respective asset owner to perform a risk analysis to identify relevant vulnerabilities and security controls

Supports the respective asset owner with the creation and implementation of procedural documentation

Your Profile / Qualifications

Bachelor's or Master's degree in Information Technology / Computer Science / Cybersecurity, Business Administration, or a related technical discipline

IT Security Certifications advantageous (e.g. ITIL: Information Technology Infrastructure Library, COBIT: Control Objectives for Information and Related Technology, CISA: Certified Information Systems Auditor, CISM: Certified Information Security Manager)

Information Security Certifications

ISMS Lead Implementer, ISMS Lead Auditor, additionally accreditation from a certification body

Professional Knowledge and Experience

3+ years of experience in cyber or information security

Good knowledge of management systems, audits, and handling audit findings

Knowledge of security standards such as ISO, PCI, HIPAA and SOX

Experience in multi-vendor management and dealing with multiple suppliers

IT Service Management and ITIL process framework

Other Skills & Competencies

Interpersonal skills in communication and collaboration

Good communication skills in English; local language is a plus

Good organizational and project management skills with a very structured and organized approach

Analytical ability and problem-solving skills

Capabilities in financial and budget ownership