Assignment Description

Our client in the automotive industry is currently seeking an Information Security Officer to design and improve InfoSec capabilities. The role involves overseeing critical InfoSec functions such as incident management, vulnerability management, and security monitoring.

The Team:

The Information Security department at our client’s organization is expanding as the company grows. Our client operates in many countries, with plans to rapidly enter additional markets. As the IT landscape becomes more complex, the Information Security team must ensure the company is protected from a diverse set of threats, primarily those related to cybersecurity. To safeguard against these threats, a solid foundation of security practices is essential.

Main Responsibilities:

Information Security Officers are responsible for the design and continuous improvement of Information Security Capabilities within our client’s organization. These officers are experts in various security practices and oversee the end-to-end delivery of key InfoSec capabilities, including incident management, vulnerability management, security monitoring, and related practices. They design, deploy, and guide the execution of security processes, delivering results across various departments and ensuring these services are integrated and implemented throughout the organization.

These officers support the aggregation and tracking of identified risks from their specialized information security perspective. They lead the design and formulation of InfoSec capabilities, services, and related key metrics. They identify relevant stakeholders within our client’s organization to ensure efficient collaboration with other digital, security, and compliance functions. They report to the CISO and are accountable for integrated status updates and future development tracking of the Information Security Capabilities.

Key duties include:

  • Overseeing and governing InfoSec Capabilities or Services in line with the InfoSec Strategy.
  • Defining and setting standards and practices for responsible areas.
  • Establishing and aligning Key Performance Indicators (KPIs) with organizational goals.
  • Supporting Risk Management, Risk Analysis, and stakeholder consultations on Risk Treatment.
  • Formulating tactical goals and translating them into operational plans.
  • Contributing to strategic planning and governance decisions.
  • Ensuring alignment and effective handovers within InfoSec Teams.
  • Managing stakeholders and promoting an InfoSec Culture.
  • Delivering tailored Awareness and Training programs.
  • Coordinating capabilities, ecosystems, and market-specific deployments.
  • Collecting, aggregating, and monitoring InfoSec Risk Data.

Deliveries: This is an HC temporary backfill.

Competence Requirements:

  • Possess a university degree in a relevant subject area related to Information Security.
  • Have more than four years of experience working in digital organizations and Information Security.
  • Proven track record of adapting industry-standard enterprise-wide security technologies and concepts to align with technology and business-defined scopes.
  • Knowledge of relevant industry standards (e.g., NIST 800-53, ISO 27001, ISO 27018, EN 62443).
  • Experience working in two or more Control Areas of ISO 27001:2022.
  • Experience in the secure deployment and monitoring of applications and infrastructure.
  • Understanding of relationships with Product Owners, Design Leads, and the technical team.

Qualifications (one or more of the following areas):

  • Experience in rolling out SDLC processes with expertise in Cloud, Mobile, and Embedded/Car systems. Proficient in threat modeling, secure coding, and aligning development practices with security requirements and compliance.
  • Expertise in PKI and symmetric systems, key management, HSMs, and cryptographic usability, with the ability to train others on selecting appropriate crypto types and understanding the implications of symmetric vs. asymmetric keys in processes like enrollment.
  • Experience in Enterprise IT, ISMS, asset management, risk management, and threat modeling, with a strong understanding of the current threat landscape, effective protection methods, and the ability to incorporate legal requirements into solutions.

Desired Attributes:

  • A patient and open-minded individual capable of informing, motivating, and training others in their subject.
  • A high-energy, passionate individual who is proactive in finding new solutions within given tools and requirements.
  • Embraces a culture of trust, free thought, and complete transparency.
  • Brave and forward-looking, always probing for new solutions and steady improvement of the status quo.
  • Strong communication skills with the ability to align the organization on complex technical decisions.
  • Balanced in quality expectations with a pragmatic approach to work.
  • A connecting thinker, always seeking the best ways of working in an integrated and efficient manner across responsibilities.
  • Ability to translate between different stakeholders of digital business and Information Security.

Details

Reference: 63157

Location: Göteborg

Extent: 100%

Start date: ASAP

End date: 2024-12-31

Consultant broker

It is no longer possible to apply for this position.