Information Security and Data Protection Auditor (f/m/d) Full-time Job
2 weeks ago - Public Service - Düsseldorf
GEA is one of the largest suppliers for the food and beverage processing industry and a wide range of other process industries. Approximately 18,000 employees in more than 60 countries contribute significantly to GEA’s success – come and join them! We offer interesting and challenging tasks, a positive working environment in international teams and opportunities for personal development and growth in a global company.
Why join GEA
Job information
Reference Number: JR-0030866
Job function: Information Security, Business Continuity & Crisis Management
Position type: Full time
Site: Peter-Müller-Straße 12, 40468 Düsseldorf
Your responsibilities and tasks:
The Expert Information Security Governance ensures compliance with regulatory, customer and internal information security requirements (e.g. ISO 27001, NIST, ISA/IEC 62443, IDW PS 980 and others).
Join GEA and make a positive impact: From safe food and beverages to life-saving medicines, GEA makes it possible. We also help our customers reduce CO2 emissions, protect water, and reduce and recycle waste.
GEA Group Services GmbH in Düsseldorf takes over the corporate functions of GEA AG, including areas such as corporate finance, legal and IT, which provide central services for all company divisions. The location also houses the Digital HUB and the Center of Excellence (CoE).
We are looking for an experienced and motivated Information Security and Data Protection Auditor (f/m/d) for deployment in Düsseldorf as soon as possible.
He is responsible for the further development and implementation of parts of the worldwide Information Security Management System (ISMS), such as creation of information security policies, procedures and processes, Asset & Risk Management, Trainings & Awareness, KPI monitoring, information security consultancy, non-conformities management, continuous improvement and others.
Your other tasks include:
Accountable for internal ISMS audits according to ISO 27001, as well as IT system audits, supplier audits and data protection audits
Responsible for the planning and preparation of audit programs for both information security and data protection in the area for which he is responsible
Responsible for coordinating these audit programs with the areas to be audited and the persons responsible for information security and data protection
Responsible for the preparation of audit plans for the respective audits
Responsible for the preparation of audit reports and their reporting to the audited areas
Responsible for the follow-up of findings with deadline
Responsible for compliance with audit intervals
Responsible for initiating external supplier audits
Responsible for the development of a system of key figures for audit performance and its continuous improvement
Responsible for the further development of internal audit standards and quality assurance of audit work
Perform special audits due to special circumstances
Is open to technical solutions for audit execution and provides impulses for the integration of tools into the audit process
Is contact person for the BISOs, RISOs and LISOs responsible for the audited area
Is independent as an auditor and free in his judgement
Does not provide advice, but evaluates neutrally
Your profile and qualifications:
Bachelor’s or master’s degree in Information Technology / Computer Science / Economics, Law or a related technical discipline
Information Security Certifications (ISMS Lead Implementer, ISMS Lead Auditor, additional in accreditation of a certification body)
(IT) security certifications (e.g. CISSP: Certified Information Systems Security Professional, CISM: Certified Information Security Manager, CISA: Certified Information Systems Auditor, ITIL: Information Technology Infrastructure Library, COBIT: Control Objectives for Information and Related Technology etc.) are beneficial but not a must
5+ years of professional experience in the field of information security and data protection
In-depth know-how in management systems, audits and dealing with audit findings
Knowledge of security standards such as ISO, PCI, HIPAA and SOX
In-depth know-how in international data protection law (GDPR) and standards such as ISO 27701
Experience in multi-vendor management and dealing with multiple suppliers
Strong interpersonal skills in communication and collaboration
Strong communication skills in English; local language is a plus
Strong personal initiative, analytical ability
Strong business acumen, problem solving skills
Capabilities in financial and budget ownership
What we offer:
Work with a supportive and international team
Modern working environment with flexible working options and home office for a good work-life balance
A wide range of personal and professional training and development opportunities for your career planning
Company pension scheme and accident insurance
30 days annual leave plus 24 & 31 December
Attractive company benefits such as discounts on gym memberships etc.
JobRad including subsidy
Good access to public transport and a subsidy for public transport use