Information Security Manager

About SAP Fioneer:

Innovation is and will always be the core to SAP Fioneer, and it is the promise of why we were spun out of SAP: agility, innovation, and delivery.

SAP Fioneer builds on a heritage of outstanding technology and a deep understanding of corporate and consumer demands. At the heart of it all it is simple: We bring financial services to the next level with innovative software solutions and platforms.

We are helping companies in the financial services industry to achieve speed, scalability, and cost-efficiency through digital business innovation, cloud technology, and solutions that cover banking and insurance processes end-to-end.

A global company, with rapid growth, innovative people, and a lean organization makes SAP Fioneer a place where you accelerate your future!

Job Location:

You can work remotely from Germany, Austria, UK or Romania combined with a willingness to travel.

About the Role

As an Information Security Manager in the team of Cloud Platform and Products, you will support the team in operating and continual improvement of the Information Security Management System of SAP Fioneer. Your responsibilities will include:

• Conducting information security risk assessments and identifying potential vulnerabilities and threats to the organization's information systems and data.
• Working with stakeholders across the organization to understand their security concerns and requirements and providing guidance and recommendations for managing risks.
• Developing and implementing risk management policies, procedures, and controls to mitigate identified risks.
• Liaise with our CISO, CSO and Security Operations team on information security requirements, risk assessments and be a point of contact for internal and external audits
• Performing regular reviews and assessments of the effectiveness of risk management controls, identifying areas for improvement, and making recommendations to senior management.
• Staying up-to-date with the latest industry trends and best practices related to information security risk management, and recommending improvements to the organization's risk management framework.
• Collaborating with other members of the security team to ensure that risk management activities are aligned with the organization's overall security strategy and objectives.
• Maintaining and updating the organization's risk register, risk management plans, and other risk management documentation.
• Assisting in the development of security awareness training programs and materials to ensure that employees are aware of their role in managing information security risks.
• Participating in incident response activities and providing guidance and recommendations for managing risks during and after an incident.
• Communicating effectively with stakeholders across the organization to ensure that they are aware of the risks to their systems and data, and that they understand the steps being taken to manage those risks.

Requirements

• Education: A bachelor's or master's degree in information security, computer science, or a comparable infirm education. Certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Risk and Information Systems Control (CRISC) are a plus.
• Experience: You have first experience in information security, risk management, or related fields. Experience in conducting risk assessments, developing risk management policies and procedures, and working with stakeholders to manage risks is a plus.
• Knowledge: Working knowledge of information security risk management principles, standards, and best practices such as ISO 27001, NIST Cybersecurity Framework, or CIS Controls are a plus.
• Skills: Good analytical, problem-solving, communication, and interpersonal skills are essential.
• Technology: Familiarity with information security technologies and tools such as firewalls, intrusion detection and prevention systems, and security information and event management (SIEM) systems may be beneficial.
• Continuous Learning: Continuously learning and keeping up-to-date with the latest trends, technologies, and regulations in the information security risk management field is crucial.
• Language: Fluency in English, both in written and spoken from is required.

Benefits

• We are a pragmatic, fast-paced startup company paired with years of system delivery expertise, a strong reputation on the market, and a long-established customer portfolio.
• You will be offered growth opportunities based on merit and individual goals, as well as the space to bring new ideas, drive innovation and challenge the status quo.
• Mobile Office
• Attractive compensation package and country-specific range of benefits