In line with the strategic board decision to establish a group-wide governance for information security, the Group CISO function was created and with it a new organisational unit.
An important aspect of the newly created department is boosting the cyber resilience of the group within all aspects of the NIST CSF, as well as monitoring the effectiveness of the segment's protection, detection, and response capabilities with regard to cyber-attacks.
As an expert in this subject, you will be responsible for both supporting and overseeing the Group's cyber resilience capabilities. If you are genuinely interested in playing an active role in shaping a new organisation and have the necessary background, we look forward to receiving your application.
Your job:
- Maintaining parts of the Group policy framework related to your area of expertise, and providing a second opinion on cyber risks that need senior representatives' attention
- Collaborating with the 1st Line of Defence of the Primary Insurance and the Reinsurance Group, fostering information sharing between the two, and supporting with a group view on cyber threats
- Conducting assessments to measure the operational effectiveness of the Group's cyber resilience capabilities by means of tabletop exercises, reviewing the effectiveness of control implementations, and supporting the active search for vulnerabilities
Your profile:
- Academic degree with a strong IT security background or a specialist with solid knowledge of IT security
- Experience with enterprise IT security-related topics such as security architecture and active defence
- Knowledge of common attack vectors from MITRE ATT&CK
- Experience in setting up a vulnerability disclosure programme
- Broad knowledge of legal and regulatory requirements in regard to IT security
- International and/or intercultural work experience
- Strong (project) planning, organisational, and presentation skills
- Very good command of German and English