Risk Security Officer (focus on Information Security)
As the "2nd Line of Defense" within SIX, Corporate Security is responsible company-wide for the design, maintenance and control of all integral security issues. Our team collects and communicates the security requirements of all business areas as well as the central functions, with an international focus. We advise projects, introduce security requirements, identify and evaluate risks, and communicate them to the risk owners and business units. We also support the implementation of various contractual, regulatory and legal security requirements (e.g. EU-GDPR, PCI-DSS).
• Advising local and international business units on information security processes
• Conducting and supporting international security assessments for strategic projects, lifecycle management and in case of changes in the current threat situation
• Creating technical specifications, checking compliance, and recognizing and assessing possible weak points and risks
• Acting as first contact in case security involvement is necessary (e.g. firewall rule or proxy configuration exception requests); supporting first analysis/triage in case of security incidents or threat intelligence
• Preferably training or certification in the security domain (e.g. CISSP, CISA, CISM, CRISC, bachelor or master in security)
• Good knowledge of security concepts in technical informatics (networks, operating systems, application architectures, cloud services, development standards); knowledge of COBIT, PCI-DSS, ISO/IEC 2700x, ISF Standard of Good Practice is an advantage
• Independence and responsibility with good planning and organizational skills; single-minded with a quick mind and the passion to approach problems unconventionally and to deliver creative results
• English as documentation language is a must; German as second language of communication is an advantage
For this vacancy we only accept direct applications.