Information Security and Data Protection Auditor (f/m/d) Full-time Job
vor 3 Wochen - Public Service - DüsseldorfJobdetails
Information Security and Data Protection Auditor (f/m/d)
GEA is one of the largest suppliers for the food and beverage processing industry and a wide range of other process industries. Approximately 18,000 employees in more than 60 countries contribute significantly to GEA’s success – come and join them! We offer interesting and challenging tasks, a positive working environment in international teams and opportunities for personal development and growth in a global company.
Why join GEA
Job information
Reference Number
JR-0030866
Job function
Information Security, Business Continuity & Crisis Management
Position type
Full time
Site
Peter-Müller-Straße 12, 40468 Düsseldorf
Your responsibilities and tasks:
The Expert Information Security Governance assures the information security compliance with regulatory, customer and internal requirements regarding information security (e. g. ISO 27001, NIST, ISA/IEC 62443, IDW PS 980 and others).
Join GEA and make a positive impact: From safe food and beverages to life-saving medicines, GEA makes it possible. We also help our customers reduce CO2 emissions, protect water, and reduce and recycle waste.
GEA Group Services GmbH in Düsseldorf takes over the corporate functions of GEA AG, including areas such as corporate finance, legal and IT, which provide central services for all company divisions. The location also houses the Digital HUB and the Center of Excellence (CoE).
We are looking for experienced and motivated Information Security and Data Protection Auditor (f/m/d) for deployment in Düsseldorf as soon as possible.
He is responsible for the further development and implementation of parts of the word wide Information Security Management System (ISMS), such as creation of information security policies, procedures and processes, Asset & Risk Management, Trainings & Awareness, KPI monitoring, information security consultancy, non-conformities management, continuous improvement and others.
Your other tasks include:
Accountable for internal ISMS audits according to ISO 27001, as well as IT system audits, supplier audits and data protection audits
Responsible for the planning and preparation of audit programs for both information security and data protection in the area for which he is responsible
Responsible for coordinating these audit programs with the areas to be audited and the persons responsible for information security and data protection
Responsible for the preparation of audit plans for the respective audits
Responsible for the preparation of audit reports and their reporting to the audited areas
Responsible for the follow-up of findings with deadline
Responsible for compliance with audit intervals
Responsible to initiate external supplier audits
Responsible for the development of a system of key figures for audit performance and its continuous improvement
Responsible for the further development of internal audit standards and quality assurance of audit work
Perform special audits due to special circumstances
Is open to technical solutions for audit execution and provides impulses for the integration of tools into the audit process
Is contact person for the BISOs, RISOs and LISOs responsible for the audited area
Is independent as an auditor and free in his judgement
Does not provide advice, but evaluates neutrally
Your profile and qualifications:
Bachler or master’s degree in information Technology / Computer Science / Economics, law or a related technical discipline
Information Security Certifications (ISMS Lead Implementor, ISMS Lead Auditor, additional in accreditation of a certification body)
Beneficial (IT) Security Certifications (e.g. CISSP: Certified Information Systems Security Professional, CISM: Certified Information Security Manager, CISA: Certified Information Systems Auditor, ITIL: Information Technology Infrastructure Library, COBIT: Control Objectives for Information and Related Technology etc.) but are not a must
5+ years of professional experience in the field of information security and data protection
In-depth know-how in management-systems, audits, dealing with audit-findings
Knowing security standards such as ISO, PCI, HIPAA and SOX
In-depth know-how in international Data protection law (GDPR) and standards as ISO 27701
Experience in multivendor Management and dealing with multiple suppliers
Strong interpersonal skills in communication and collaboration
Strong communication skills, in English, local language is a plus
Strong personal initiative, analytical ability
Strong business acumen, problem solving skills
Capabilities, in financial & Budget ownership
What we offer:
Work with a supportive and international team
Modern working environment with flexible working options and home office for a good work-life balance
A wide range of personal and professional training and development opportunities for your career planning
Company pension scheme and accident insurance
30 days annual leave plus 24 & 31 December
Attractive company benefits such as discounts on gym memberships etc.
JobRad including subsidy
Good access to public transport and a subsidy for public transport use