Job Description

General description

Implementation of the national, corporate or customer security policies and standards into company environment,

Developing, implementation, communication and constant improving of security concepts, policies, processes and awareness in the company,

Executes ISMS P-D-C-A cycle in his/her area of responsibility

Accountabilities

• Implementation of the national, corporate or customer (EMEA focus) security policies and standards into company environment,
• Developing, implementation, communication and constant improving of security concepts, policies, processes and awareness in the company,
• Acts as main admin with responsibility for proper configuration of respective Security Management systems and applications in his/her area of responsibility
• Develop yearly audit plan and perform internal security audits resulting to audit evidence and mitigation plan,
• Contribution and support to internal/external/customer audits ,
• Identification of Security incidents, analysis of the root cause, resolution with stakeholders and evidence,  
• Identification of information security risks resulting to mitigation strategy creation. Formalizing of the information security risks in the corporate information security risk  management tool ( e.g. ISRM.xls or ISH),
• Gathering IT system-specific information (logs), analysis and measures implementation in case of non-compliance to security rules,
• Supports internal/external/customer audits (ISO, ISAE, SAPSEC)
• Security Awareness and info sharing by rolling out Security Card of the month talks
• Training of Security basics
• Provide information and first-hand environment assessment within Handover to Operation phase (H2O)
• Perform revision of User Lifecycle Management for customer set
• FPOC (First-Point-Of-Contact) for all security and data privacy issues specific product, service or platform (SAP SOC EMEA area)
• Support for the development of ESARIS Level 4
• Development and Implementation of product-, service- or platform-specific ESARIS Level 5 Technical Security Baselines
• Standardization and harmonization of product-, service- or platform-specific technical security measures in cooperation with the Lead Security Architect
• Coordination of Operational Security Tasks (SIUX, WinAudit, SAPSec reports, User review with given area of responsibility (EMEA)
• Handling of non-conformities and vulnerability messages incl. communication of them into the organization
• Management of KPI in the areas SIUX WinAudit and SAPSec
• Monthly meetings with security SPOCs in Ops teams

Management scope

• Continuous operation and improvement of ISMS in his/her respective area of responsibility e.g. IT Security, Physical Security, Business Continuity and SAP Security
• Creation of  security related KPIs, provide tracking of KPIs on regular basis including trends, recommendations for improvement
• Initiation and coordination of security projects e.g. security awareness campaign, key consolidation, etc.

Other Benefits

• Cafeteria - individual benefit
• Trainings and development opportunities
• Discounts at various providers in Košice
• Possibility of Home office
• Pension savings contribution
• Meal vouchers contribution
• Teambuildings
• Extra vacation days
• Young and enthusiastic working environment
• Diversity Program
• Health Weeks
• Sport Activities
• Weekend Events
• Work life Coaching
• Doctors at workplace
• Credit card
• Metro card
• Referral bonus /financial/
• Rotations possibilities

Requirements

Education

• University Degreewith security or IT focus

Experience

• Min. 3 years of experience within the security field, ideally with SAP insights

Language

• English: B2

Others

• Equivalent certification e.g. CISSP, CISA, CISM, Security+, CCNA Security of great benefit

Salary

Minimum monthly salary is 1150 € brutto + variable part of salary + other financial benefits. The final basic wage component can be adjusted accordingly to individual skills and experience of selected candidate.