Job ID: 37731 | Location: Pratteln, Canton of Basel-Landschaft, Switzerland
In today's business, information is highly valuable. That is why we see information as an asset that needs to be protected. We have a strong obligation towards our stakeholders, e.g. shareholders, employees, customers and suppliers, to safeguard our information. Customers today often also require a CISO to sign off on client questionnaires to give assurance of appropriate data governance at the supplier. Based on our Code of Conduct, safeguarding our information is a permanent, conscious effort. The Information Security Policy Framework is an important element for the protection of information and is part of the Compliance Organisation. You will be responsible for the implementation of the information security strategy.
Information Security Governance
- Identify the legal and regulatory requirements affecting information security that must be complied with.
- Prepare reporting on Information Security Strategy.
- Coordinate the communication with Information Security Champions on a regular basis.
- Monitor that Information Security requirements are incorporated in operational projects & procedures.
Information Security Program Management
- Manage Clariant's Information Security Program.
- Maintain and communicate information security policies and procedures.
- Develop and deliver information security awareness initiatives and training.
- Perform information security risk assessments.
- Identify and evaluate controls and countermeasures to mitigate risk to acceptable levels (control framework).
- Conduct security assessments of the organization's information systems and processes (compliance & assurance).
Information Lifecycle Management
- Maintain the process for information asset classification.
- Provide advice and guidance on information security to the business and functions.
- Support the implementation of tools for information lifecycle management and protection.
Incident Management and Response
- Support information security incident management.
- Document and support information security incidents.
- Support eDiscovery and compliance investigations.
- Bachelor's or master's degree in computer science, information technology, or a related field.
- Professional certifications such as CISSP, CISM, CISA, CRISC, or equivalent.
- 5 years of experience in information security or a related field.
- In-depth knowledge of security frameworks, standards, and best practices, such as ISO 27001, NIST, GDPR, and HIPAA.
- Experience in developing and implementing information security strategies and programs.
- Experience in conducting security assessments.
- Good written and verbal communication skills, interpersonal and collaborative skills.
- The ability to communicate information security and risk-related concepts to technical and non-technical audiences.
- The ability to provide guidance to the business with regard to information protection, e.g. IP protection, trade secrets, project support.
- Fluent in English (both written and verbal).
- Room for creativity in an attractive, global working environment.
- Strong teamwork with international and multidisciplinary collaborations.
- We offer attractive remuneration and the benefits of a modern company.