The key responsibilities of the position include, but are not limited to:
- Creating, testing, implementing and updating the overall security concepts.
- Definition of requirements for physical and technical IT security and suitable vulnerability analyses (physical security, network technologies, operating system security, application security such as SAP or web-based applications).
- Risk and information security analysis in all areas (method development and application), risk management.
- Implement and conduct security awareness training (initial, repeated awareness training) of staff and external persons.
- Prepare, execute and follow up on internal and external audits.
- Implementation and enforcement of all legal, association, customer and insurance regulations and the G+D security policies and requirements in the responsible field.
- Support and verification during the hiring process for employees, external staff, external service providers etc. (background checks, creditworthiness checks, etc.).
- Coordination and control of external security service providers (e.g. external security service, external service provider, etc.).
- Central point of contact for the site for security authorities, internal and external security organizations, and certification organizations and schemes.
- All of the above objectives are to be completed striving at all times for Quality, Trust and Security Creating Confidence.
- University degree in security management, IT security or computer science (or equivalent).
- Minimum of 3-6 years of professional experience in the areas of corporate security, internal audit or revision.
- Minimum of 2 years' experience in physical and IT security, especially in the field of security certifications.
- Substantiated knowledge of the most important technical and organizational concepts in connection with IT systems in the field of information security (firewall, intrusion detection/prevention, penetration testing/vulnerability assessment, device control, cryptography, endpoint and mobile security etc.).
- Substantiated knowledge of the most important technical security systems like ACS, CCTV and IDS.
- Substantiated knowledge of common security standards, e.g. PCI CPP or DSS, ISO 2700x desirable, local IT security standards.
- Strong analytical skills and conceptual way of working.
- Very good knowledge of spoken and written English.
- Reliability and security awareness.