Based at our offices in Cham, you will report to the Head of Information Security and Infrastructure. The role requires you to drive the management, implementation of, and compliance with VARO's cyber risk management and data governance framework, and to provide an organizational view of cyber, data security and technology risks.
Alongside this you will be proactive in developing and enhancing existing policies, procedures and mechanisms for managing risk, cyber resilience and data governance.
This includes conducting cybersecurity risk assessments; ensuring that organisational data remains consistent and trustworthy and is not misused; facilitating cyber incident response testing exercises across production and corporate environments; establishing a cyber-risk taxonomy; defining and implementing a quantitative risk methodology and associated processes; building and maintaining the technology risk register; and implementing metrics and dashboards that provide transparency on compliance and progress status.
The Cybersecurity Risk and Data Governance Manager will also provide VARO with cyber and data security risk subject matter expertise to influence behaviors and foster a strong, collaborative technology risk management and data governance culture throughout VARO.
The position requires a forward-thinking and self-motivated individual with strong customer orientation and proven delivery experience, who:
- Is structured, thorough and precise, with a goal-oriented personality and strong verbal and written communication skills, and can manage multiple cross-departmental stakeholders to generate advocacy and solve complex, multifaceted challenges
- Thinks strategically and effectively, and can develop key processes, procedures and communications that facilitate cross-functional implementation of risk management processes and risk reporting
- Possesses strong business judgment, deep analytical thinking, is comfortable managing multiple responsibilities within a fast-paced environment, and has worked collaboratively with others to develop, implement, and communicate risk management and data governance strategies.
- Can drive effective teamwork, communication, collaboration and commitment to meet objectives
- Is a hands-on team player, able to work autonomously, with an exceptional ability to create, lead the creation of, and manage technically precise documentation, and the patience to give and receive feedback to make iterative improvements over time
- Has a thorough understanding of a broad range of technical concepts relevant to cloud computing environments: logical access control, agile development process, secure coding principles, security architecture, information security, network security, and privacy
- Improve and maintain an effective information security policy and risk framework
- Develop and enhance existing information security and technology policies, processes, procedures and standards and provide guidance, interpretation and education on specific security policies across requesting organizations related to their projects and applications.
- Engage with key IT and Business stakeholders to understand business processes, critical data and systems, security risk posture, and risk appetite.
- Collaborate with technology, business and enterprise stakeholders to identify, assess and manage technology and cybersecurity risks through the entire lifecycle, in line with risk appetite
- Conduct security assessments and reviews of solutions, vendors, services and contracts
- Maintain a comprehensive view of information security and technology risk in a master risk register
- Devise effective information security performance indicators and provide monthly reports and dashboards that give visibility of areas of risk and progress on response plans, to drive compliance with policies and risk appetite
- Engage regularly with other risk-managing teams (Enterprise Risk Management, Operational Risk Management, Internal Audit, Privacy, etc.) to ensure alignment
- Promote adoption of risk management processes by collaborating and providing risk consulting and/or facilitating security awareness training
- Partner with risk-managing and master data management teams to establish data governance policies, processes, standards and best practices within a data governance framework.
- Coordinate data mapping and classification activities and the documentation and implementation of current workflows, data policies, standards, and procedures for data in both legacy and new data environments
- Deliver training and education on data governance to appointed data managers, owners, stewards, users and custodians and collaborate with them to ensure data is used and maintained in alignment with data governance policies
- Leverage technology tools to drive the enforcement of data governance to minimize data accuracy errors or misuse and ensure compliance with data privacy laws and regulations
- Create and manage reports, dashboards, and other deliverables aimed at providing visibility and metrics on data exposure areas to drive compliance.
Essential Skills and Qualifications
- Fluent in English. German or other European language would be a bonus.
- Minimum of 5 years of relevant experience with risk program work including assessment, reporting and remediation planning and tracking activities in cybersecurity, information security or technology risk management
- Practical experience with information security, risk or other industry regulatory frameworks (NIST 800-53, ISO, CMMC, COSO, COBIT, FAIR)
- Experience with regulatory requirements (e.g. PCI, GDPR, NIS, Privacy, CCPA, etc.)
- Proficiency in identifying, assessing, qualifying, articulating, and mitigating risk
- Strong technical knowledge of security control design and a passion for automation of evidence collection and testing.
- Demonstrated track record of acting as business partner to leaders and team members across multiple business units with ability to build relationships, trust and rapport; experience working at executive levels to lead change using positive and collaborative methods
- Understanding of data and how to utilize metrics; ability to gather information from multiple sources and synthesize into meaningful visualizations, observations, and recommendations to inform decisions and achieve desired outcomes
- Strong technical acumen with general knowledge across a wide variety of technologies, infrastructure towers, and processes
- Experience developing key security program metrics to support Information Security program governance and risk management.
- Experience facilitating compliance assessments with internal and external audit teams.
- Experience building and operating security awareness training programs
- Strong knowledge of master data management, reference data management, data quality management, data integration.
Desired Skills and Qualifications
- University or equivalent degree (ETH/Uni/FH) in information systems or a business-related field, or equivalent work experience
- IT Security qualification such as CRISC, CISM or CISSP.
- Experience as an IT Security manager or Data Governance manager
- Knowledge of oil and fuel business sector or operating in highly regulated environments
- Strong, demonstrable knowledge of the information security industry and of the implementation and management of information security risk management and control frameworks
- Experience with the FAIR model
- Keen interest and curiosity in security, confidentiality and information systems
- Good understanding of data governance tools
In return for your commitment and delivery of a professional standard of service to the wider group, we are able to offer ongoing support and development of your career and technical abilities, in addition to an excellent remuneration package. Through training, mentoring and involvement in new and emerging technologies, we're able to provide you with the right tools for your own personal progression as we continue to expand and drive growth at VARO.