Information Security GRC & Compliance Audit Manager (m/f/d)

Job Location: Cologne - Germany

Monthly Salary: Not Disclosed
Posted on: 11 hours ago
Vacancies: 1 Vacancy

Job Summary

Working at ARLANXEO: Shape the future with us
ARLANXEO is one of the world's leading manufacturers of synthetic rubber.
Our high-performance rubbers are found in products you use every day, from car tires and household appliances to sustainable technologies such as batteries for electric vehicles, wind turbines and solar installations.

What makes us special
We combine technological excellence with a strong corporate culture. With us, you work in an international environment that places great value on innovation, responsibility and collaboration.

Your development counts
Our employees are the heart of our success. That is why we create an environment in which you can grow, shape things and make an impact.
Our promise to you: Doing what matters. Together.
That is more than a slogan; it is our daily aspiration. We offer you the chance to build your career in a company that stands for reliability, responsibility and progress.
Our purpose:
Reliable. Responsible. Rubber.
It shows what we stand for and why you are in exactly the right place with us.

Under the CISO, the Manager of Information Security / Cybersecurity GRC (Governance, Risk & Compliance), the Governance & Compliance Manager is responsible for managing and leading the definition, implementation, development, reporting and operational improvement of ARL's enterprise information security and cybersecurity for IT and OT, covering all ARLANXEO functions and processes in the following areas:

Governance (20%): Manage and lead all key operational and strategic governance processes, including standards definition, framework development, consultation with stakeholders, and review and publishing of the Information Security Governance framework, policies, standards and baselines.

Compliance (80%): Jointly with the Information Security GRC team, organize and manage the Information Security compliance check processes related to Information Security / Cybersecurity, supported by ARLANXEO internal key functions such as Internal Auditing or Quality Management.

Organize and manage external assessments requested by ARLANXEO or by the ARAMCO group, outsourced to global partners.

Objectives: As an officer of Governance & Compliance, he/she will use domain expertise and business knowledge to integrate the Information Security needs from the NIST framework as well as the ARAMCO group policies & standards for all implemented systems and processes, including projects.

Requirements:

As the successful candidate you will hold a Bachelor's degree or equivalent experience, or an Associate degree with 3 additional years of experience, in the IT, IT security or cybersecurity field.
University degree or equivalent experience in IT topics and a professional working background in security topics for more than 5 years.

SME: Well versed in various IT & cyber security policies / standards, especially IT security policy and compliance management. Data protection knowledge with regard to GDPR in the European context is a must-have. Furthermore, in-depth experience and expertise in at least one of the frameworks NIST / ISO 27001 is required. KritisV knowledge is a plus. This includes knowledge of framework set-up and implementation, and profound audit experience both on-site and remote.

Fluent in English for professional verbal communication as well as for the creation of policies, standards and reports with correct spelling and grammar. Additional languages are a plus (German, French, Dutch, Portuguese, Chinese).

Travel mobility, as the company has production, R&D, warehousing, office and key interests in Europe, the Americas, Asia and Saudi Arabia.

Certifications: One or more of the following certifications is preferred:

  • NIST
  • ISO 27001 Lead Auditor
  • CISA / CRISC / CISM
  • CISSP

Knowledge and certifications in the following areas are advantageous:

  • Testing methodology with regard to BSI-KritisV
  • COBIT 5 Foundation
  • ITIL Foundation
  • Project Management Certification (at least basic level, e.g. ISO/IEC EN 17024)

Standards:

Very good knowledge of relevant standards (NIST, ISO 2700x, IEC 62443, COBIT, ISO/IEC, BSI Grundschutz) and an ability / experience to apply them appropriately.

Proven track record of successfully operating in the Governance, Risk Management and/or Compliance areas.

Understanding of Threat and Risk methodologies/techniques - with qualitative and quantitative approaches - and the interpretation/application of their output in the definition of Information- and IT/OT-Security Solutions.

Non-technical skills

  • Team player with strong personal skills
  • Analytical skills required to conduct technology and risk assessments, gap analysis, identifying (re)engineering or (re)architecting initiatives
  • Build, develop and sustain relationships with IT and business, and participate in networking activities
  • Technical writing and reporting
  • Verbal and nonverbal communication
  • Presentation and information delivery
  • Effective time management skills by completing assignments within budgets and calendar schedules
  • Engage in professional development activities including completion/renewal of professional certification(s)
  • Problem solving skills to generate ideas for mitigating identified gaps and vulnerabilities
  • Able to work in a structured way, also in stressful situations or under time pressure
  • Result-oriented and quality-driven is a big plus

Duties & Responsibilities:

Manage and coordinate the Information Security / cybersecurity compliance in cooperation with ARLANXEO and ARAMCO key functions as well as global partners.
Drive, from a governance and compliance perspective, the process and technical assessments with internal and external stakeholders, e.g. IT project managers and providers.
Ensure compliance with security controls and baselines across IT and OT.
Lead, prepare and accompany the cybersecurity audits and assessments in close cooperation with Internal Audit and External Audit partners, and help to improve our maturity levels.
With regard to the CIP, track and follow up with the IT and IT Security team on audit findings/observations.
Develop, review, update, maintain and communicate IT and cybersecurity governance documents.
Establish, maintain and enforce policy guidelines and baselines related to security for the users and administration of IT systems and services.
Identify opportunities to improve existing policies, procedures, standards, guidelines and training programs.
Track mitigation progress and provide status updates to Management.
Build good relationships with auditors and all stakeholders.

Equal opportunity at ARLANXEO
We are proud to be an equal opportunity employer.
All qualified applicants will be considered for employment regardless of ethnic origin, skin color, religion, sex, age, sexual orientation, gender identity, national origin, disability or other legally protected characteristics, in keeping with our commitment to diversity, equality and inclusion in the workplace.

Note for recruitment agencies:
ARLANXEO does not accept unsolicited applications from external recruiters or agencies.
Résumés or applications submitted without a prior written agreement are considered unsolicited and are treated as the property of ARLANXEO. In such cases, no placement fee will be paid.


Required Experience:

Manager

Key Skills

  • International Development
  • EMC
  • JavaScript
  • Import & Export
  • Airlines
  • Asp.Net MVC