What we offer
You will work on exciting and challenging topics together with a team in an ultra-modern, innovative and creative environment. Intensive on-the-job training with expert colleagues guarantees you will quickly become familiar with your duties and perform them independently. Performance-related pay and the opportunity for personal and professional development are of course part of the package. Since 2009 Evonik Industries AG has been certified as a family-friendly company by the German Hertie Foundation.
- Ensure implementation of the global security group standards
- Propose changes to existing internal policies and procedures to ensure operating efficiency and regulatory compliance
- Work with the CISO to develop a security program and initiate security projects that address identified risks and business security requirements
- Manage the process of gathering, analyzing and assessing the current and future threat landscape, as well as providing the CISO with a realistic overview of risks and threats
- Work with the CISO to develop budget projections based on short- and long-term goals and objectives
- Maintain oversight of laws and regulations relevant to IT security
- Assist and guide the disaster recovery planning team in the selection of recovery strategies and the development, testing and maintenance of disaster recovery plans
- Maintain and improve processes to ensure that security is factored into the evaluation, selection, installation and configuration of applications and software
- Ensure the implementation of security design and manage the remediation of identified risks
- Identify risks and ensure that rules are applied
- Prepare and evaluate exception requests and perform audits
- Monitor and report on compliance with security policies, as well as the enforcement of policies
- Manage the processes related to day-to-day activities, identify risk tolerances, recommend treatment plans and communicate information about residual risk
- Participate in (and contribute to) the further development of external IT security regulations
- Successfully completed MBA, master's or bachelor's degree in information security or equivalent work experience
- Experience with common information security management frameworks, such as International Standards Organization (ISO) 2700x or the NIST Cyber Security Framework
- The ability to interact with Evonik personnel, build strong relationships at all levels and across all business units and organizations, and understand business imperatives
- A strong understanding of the business impact of security tools, technologies and policies
- Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies
- Certification as CISM, CRISC, ISO 27001 Lead Auditor, ISO 62443 and CISSP recommended
- Business-fluent English language skills as well as skills in regional languages
- Strong analytical skills to analyze security requirements and relate them to appropriate security controls
To ensure the fastest processing of your application and to protect the environment, please apply online via our careers portal at https://careers.evonik.com.
For a complete application, please submit not only a cover letter and CV, but also employer and degree certificates and, if applicable, current grade overviews from your studies.
Please address your application stating your earliest possible starting date and your salary expectations to Christina Melo.
If you have any questions regarding the application process, please contact our Recruiting Center Team at 0800 2386645 (Germany only) or +49 201 177 4200.
VACANCY REFERENCE NUMBER 143767
Please note that Evonik will not accept any unsolicited application documents sent by staffing firms. Evonik works in conjunction with preferred service providers and will not pay any fee to staffing firms in the absence of an appropriate framework agreement. Should Evonik receive a candidate profile from a staffing firm with which it has no framework agreement, and should this candidate subsequently be considered in the recruitment process or offered employment, no claims from the staffing firm will be entertained in this regard.