BGS

Pole Information Security Officer – PISO

full-time

Location Type: Office

Location: Mannheim • 🇩🇪 Germany

Job Level

Mid-Level, Senior

Tech Stack

Cloud, Cyber Security, ITSM, TypeScript

About the role

  • Establishment, maintenance and continuous development of the Information Security Management System (ISMS) within VINCI Energies’ SQUI system.
  • Ensuring implementation of ISMS strategy and policies in accordance with ISO/IEC 27001, BSI IT-Grundschutz and applicable legal requirements.
  • Ongoing improvement of the ISMS with consideration for IT, OT and cloud infrastructure as well as IT Service Management (ITSM).
  • Advising executive management, managers and employees on all matters of information security.
  • Reporting and tracking information security incidents.
  • Supporting risk and Business Impact Analyses (BIA) and the development of emergency, continuity and recovery plans.
  • Reviewing the currency and effectiveness of IT emergency and continuity plans.
  • Planning, executing and following up on security exercises and penetration tests in cooperation with quality, safety and BCM representatives.
  • Performing risk, threat and vulnerability analyses in IT/OT/cloud projects.
  • Assessing the maturity level of the ISMS, including effectiveness checks of corrective and preventive actions (CAPA).
  • Conducting and coordinating internal and external audits and assessments.
  • Regular written reporting to management on the status of information security.
  • Preparing management reports and recommendations as part of the management review.
  • Documenting and tracking all relevant information security measures.
  • Promoting information security awareness and a cybersecurity culture within the company.
  • Supporting training and education measures to strengthen employees’ security skills.
  • Assisting management in working with external authorities and partners (authorities, police, BSI, customers).
  • Coordinating with data protection, compliance and process management to ensure consistent information security processes.

Requirements

  • University degree in Computer Science, IT Security, Business Informatics or a comparable qualification.
  • Several years of professional experience in information security, IT risk management or IT compliance.
  • Solid knowledge of ISO/IEC 27001, BSI IT-Grundschutz and relevant legal requirements.
  • Analytical thinking, strong communication skills and assertiveness.
  • Familiarity with IT/OT/cloud architectures and IT Service Management processes.
  • Certifications such as CISM, CISSP, ISO 27001 Lead Implementer/Auditor or equivalent are an advantage.
  • Excellent German language skills, both written and spoken.
  • Good English language skills, both written and spoken.

Benefits

  • Work in an open, collegial team with a broad range of responsibilities
  • Use of modern, high-quality technologies and systems such as Office 365, SharePoint (online), cloud, Teams (phone system), etc.
  • We foster an open, communicative corporate culture with continuous knowledge sharing
  • Exciting projects and new challenges within an international company
  • Support for professional development, further training and building expertise
  • Actively shape and change processes

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard skills: Information Security Management System (ISMS), ISO/IEC 27001, BSI IT-Grundschutz, IT Service Management (ITSM), risk analysis, Business Impact Analysis (BIA), penetration testing, corrective and preventive actions (CAPA), internal and external audits, IT/OT/cloud architectures

Soft skills: analytical thinking, strong communication skills, assertiveness

Certifications: CISM, CISSP, ISO 27001 Lead Implementer, ISO 27001 Auditor