IT Security Officer

EDV Werke is looking for an IT Security Officer

Form of cooperation:B2B Contract

Working Model: Remote

Requirements:

• Educational Background: Graduate degree in Business or Management; Bachelor’s degree in Computer Science, Engineering, or a related IT discipline.

• Professional Certifications: Relevant security certifications such as CISM, CISA, ISO 27001, CISSP, CRISC, ITIL, CMMI, CompTIA Security+, NCSF, or CHFI are a strong asset.

• Experience in IT Security: Minimum 10 years of experience in IT security and operational or compliance IT roles.

• Technical Security Knowledge: Broad expertise in IT services, technologies, and security solutions, with deep understanding of information security and compliance standards (ISO 27001/2, GDPR, NIST, HIPAA, etc.).

• Domain-Specific Expertise: Knowledge in one or more of the following areas is advantageous: Cloud Security (CCSP/GCSA), Network Security (CND/CCNP/CCNA Security/CEH), System/Infrastructure Security (CISSP/CISM/CISA), Industrial Technology Security (CDSE/GICSP/ISP/ISOC).

• Project & Audit Experience: Extensive experience delivering IT security projects, assessments, audits, and compliance initiatives.

• Risk Management Skills: Practical experience in risk assessment, management, and maintaining risk registers.

• Policy Implementation: Experience implementing policies and procedures aligned with Information Security Management System standards (ISO 27000 series).

• Regulatory Knowledge: Strong understanding of regulatory requirements, security policies, and standards.

• Industry Experience: Work experience in related industries such as cement, aggregate, or ready-mix is a plus.

• Decision-Making & Negotiation: Proven ability to make informed decisions and negotiate effectively with vendors, contractors, and suppliers.

• Technical Skills: Ability to develop and implement IT policies and governance; conduct deep technical research; review technical architecture documentation for security risks.

• Cybersecurity Incident Handling: Experience responding to cyber incidents, forensic activities, and security incident/problem management.

• Project Management: Profound project management skills with the ability to handle multiple priorities effectively.

• Behavioral Competencies: Strong communication skills, ability to work under pressure, manage multicultural teams, drive transformation, and maintain high attention to detail.

Responsibilities:

• Risk Assessments: Perform risk assessments on new projects, assets, and tools; maintain and manage the risk register, including compliance exemptions and risk acceptance tracking.

• Collaboration on Threat Management: Work closely with Security MSPs and other regional security officers to address emerging global security threats.

• Compliance Management: Support Governance, Risk, and Compliance (GRC) officers in evidence collection, audit support, control process development, and post-audit action tracking.

• Security Review & Change Management: Provide security reviews and approvals on ServiceNow (SNOW) changes; represent security in Change Advisory Boards (CAB/E-CAB).

• Project Security Reviews: Conduct security reviews for new demands and project charters related to Infrastructure & Operations (I&O) and IITSC projects.

• Support Security Initiatives: Drive and support global or regional security initiatives.

• Security Operations Collaboration: Manage and support regular security operations including patch management, backup and restore, disaster recovery (DR), business continuity planning (BCP), and malware defense.

• Patch Management Improvement: Lead global patch management efforts to consolidate asset sources, improve visibility of vulnerabilities, standardize patching processes, and detect improvement opportunities.

• Network Security Operations: Lead security operations for network components including firewall configurations, IDS/IPS rule management, WAF baseline setup, proxy configuration, and Indicators of Compromise (IoC) lifecycle management.

• Vulnerability Management: Lead and coordinate the global vulnerability management process, ensuring findings are tracked and remediated.

• Threat Hunting Coordination: Coordinate with third-party threat hunting teams, providing necessary access to systems, resources, and personnel, managing agent deployment, and ensuring closure of findings.

• Incident & Problem Management: Manage security incidents and problems, including providing support during Priority 1/Major security incidents.

• Forensics Involvement: Participate in forensic activities related to security investigations.

• Service Delivery: Ensure successful service delivery with SLA achievement and high customer satisfaction.

• Communication & Issue Resolution: Communicate effectively regarding security issues and opportunities, removing obstacles to customer satisfaction and financial performance.

Benefits:

• Competitive salary with performance-based bonuses.
• Opportunities for professional development and advancement.
• Dynamic and collaborative work environment