Information Security (ISO) & Risk Specialist

Founded in 1925, Festo Corporation is the leading worldwide supplier of automation technology and the performance leader in industrial training and education programs. For many years Festo has been providing impetus for factory automation and offers a wide product and service portfolio – from individual components to complex customized solutions and system. As a family-owned company, we act from a holistic perspective. We take responsibility for our actions globally and locally, we want to contribute to the quality of life and conservation of resources where we operate with new technologies, knowledge and education.

At Festo, we hire people who continuously live our five core Values:

• We are Ambitious
• We are Determined
• We are Visionary
• We Value Each Other
• We are Dependable

The “Information Security Officer (ISO) & Risk Manager” has two equal areas of responsibility for North and South American Festo business entities:

1) Managing defined Information Security Management System (ISMS) topics.

2) Responsible for managing and following-up of IT Risks, IT Governance and IT Compliance.

Job Duties:

• Active part in the Festo Global ISMS (50%) and IT-Risk Management in Global IT (50%)
• Point of contact and consulting ISMS & IT requirements and corresponding risks
• Responsible for day-to-day and recurring ISMS and IT-Risk Management tasks (operation, conception, continuous improvement, reporting and monitoring).
• Creation and continuous improvement of corporate information security policies by expanding content with country specific/ governmental requirements (IT-GRC) and performing information security risk management and IT-Risk Management, including follow up measures
• Responsible for preparing and performing information security awareness measures aligned with corporate awareness program
• Responsible for reporting ISMS & Global IT risks, the status of information security measures and its effectiveness to the ISMS Operations Team, Global IT-Risk Team and the responsible managers
• Responsible for alerting the ISMS Operations Team and the management board in case of major information security incidents or attacks and supporting the incident handling in collaboration with Cyber Security Team (Security Operations Center)
• The job requires a good understanding of the responsible area, keeping up-to-date with IT technologies and IT Systems and performing or organizing ISMS audits (internal and external) and risk workshops
• Responsible for the support and coordination of IT audit requests and activities, including follow up / management of audit findings in Global IT and reporting to IT Risk Team
• Responsible for communication with local authorities and other organizations
• Responsible for aligning Information security goals with local organizational goals
• Supporting the central ISMS Operations Team and Global IT-Risk Team
• Willing to learn and work with standards & legal texts and technical cybersecurity questions
• Ability to establish an external network with respect to cybersecurity (e.g. industry associations, test houses)
• Strong analytical, communication and consulting skills

Experience:

• Successfully completed study in information systems, business management or a comparable study
• Professional experience 5 years or more
• Prior experience in a large audit company as IT auditor / IT consultant preferable
• Experience with IT process knowledge (e.g. ITIL) and general IT technical knowledge
• Desired certification includes ISO27001 certifications (e.g. “ISO 27001 Implementer”, “ISO 27001 Lead Auditor” or equivalent), CISM, CISSP, CISA, Project Management (e.g. IPMA or equivalent) and Information Security Officer certifications or completed trainings
• Experience in identifying and managing information security and IT risks, including risk lifecycle
• Knowledge in IT Governance and IT Compliance to follow up local requirements
• Knowledge in Internal Control Systems (ICS)
• Knowledge/experience and sufficient usage of Information Security Standards (e.g. ISO 27000 series, NIST, BSI) and Risk Management Standards (ISO31000)
• Excellent written and verbal Enlgish skills required; Spanish written and verbal skills a plus
• Willing to travel internationally

Benefits:

Festo Corporation offers a robust benefits package, which is designed to help you and your dependents stay healthy, feel secure and maintain a work/life balance. This is just one way we strive to provide employees with a rewarding workplace. As an effort to keep pace with healthcare trends, Festo Corporation is committed to providing a comprehensive benefits package to its employees which includes...Medical, Dental, Vision, Flexible Spending Programs, Short-term and Long-term disability, 401k, Pet Insurance, Paid Holidays, Paid time off, Educational assistance and many more.