
Regional Information Security Officer
KARL STORZ
full-time
Location Type: Office
Location: Tuttlingen • Germany
About the role
- Communication & Mentoring: Direct collaboration and coaching of local ISOs to identify responsibilities and inefficiencies in information security across subsidiaries and within the ISMS.
- Feedback & Improvement: Gathering feedback from local ISOs on improvement opportunities within the KSSF, the risk management methodology, and supporting security processes, and enabling ISOs to maintain a risk management process for their region.
- Reporting & Budget: Managing the communication of information security reports between subsidiaries and the global information security organization, and reporting KPIs, KRIs and OPIs to relevant stakeholders for budget planning and financial forecasting.
- Incident Response: Supporting local ISOs in managing incident response processes to detect, alert and contain security incidents, and maintaining effective regional cyber crisis management procedures.
- Compliance & Control: Collecting, assessing and reporting on subsidiaries’ compliance with KARL STORZ information security requirements, and tracking the implementation of security controls in line with global security standards.
- Training & Awareness: Ensuring appropriate training and awareness content for employees and users, and reviewing and approving online trainings, instructor-led courses and workshops within the region.
Requirements
- Minimum of 10 years of professional experience in information technology, audit and/or compliance, including at least 5 years in information security
- Bachelor’s degree or equivalent professional experience
- Certifications such as CISSP, CISM, CRISC, PMP, CISA or GSLC, and demonstrated experience implementing ISO 27001, including all phases of the certification process
- Expert knowledge of EU and US standards in cyber and information security
- Strong knowledge of the ISO 2700X series and a solid understanding of the NIST Cybersecurity Framework
- Knowledge of HIPAA / HITRUST is an advantage
- Understanding of the different cultures across Europe and the ability to communicate cyber and information security recommendations in a factual and respectful manner
- Ability to solve complex problems creatively, together with a high level of integrity, initiative and motivation
- High resilience and knowledge of methods to promote mental health
- Excellent written, verbal and interpersonal communication skills in English for interacting with employees at all levels
- Willingness to travel (domestic and international) and confident driving skills for business travel
Benefits
- Flexible working hours & remote work: In many areas, working time and location can be adapted as needed
- 30 days of vacation plus various special payments
- Training & development: open in-house seminar program, extensive e-learning offerings, professional development and more
- Corporate Benefits discounts and bike leasing
- Contribution to private pension plans and company health management
- Various childcare options – available at the headquarters in Tuttlingen
- Health, sports, cultural and leisure offerings – available offerings vary by location
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
information security, risk management, incident response, compliance, ISO 27001, ISO 2700X, NIST Cybersecurity Framework, KARL STORZ information security requirements, HIPAA, HITRUST
Soft Skills
communication, mentoring, problem solving, integrity, initiative, motivation, resilience, cultural understanding, interpersonal communication, training and awareness
Certifications
CISSP, CISM, CRISC, PMP, CISA, GSLC