With our innovations for digital industry and smart infrastructure, we provide answers to urgent questions of our time. That’s why we’re always looking for curious, open-minded people, people who dare to ask tough questions. Like every Siemens employee worldwide. People like you?
We are looking for Siemens Russia Country Information Security Manager to join our team in Moscow.
What are the responsibilities?
The Information Security Manager is responsible for the implementation and execution of the Siemens Information Security Regulations for Information Technology and Operations Technology within Siemens Regional Company of Russia in full alignment with the Global Siemens Cybersecurity Strategy.
This function is reporting to the Cybersecurity Officer of Siemens Russia.
The key responsibilities are:
· Support of the Country Cybersecurity Officer in the identification of cybersecurity (IT, OT, PSS) demands of country Operating Companies, Functions and local/regional IT business partners
· Identification and analysis of local Information Security demands / gaps in Information Security awareness and processes and collaborate with the Operating Company and global Cybersecurity for the development and roll-out of appropriate solutions
· Development and execution of Information Security awareness campaigns and Trainings in the area of responsibility
· Drive capability and innovation for existing and new Cybersecurity topics and solutions in the area of responsibility
· Support the Country Cybersecurity Officer in establishing and maintaining key relationships, collaborations and partnerships for the awareness and improvement of Information Security all Business Units / Function and IT
· Collaborate with all business units to identify business critical assets and to protect these assets according to Siemens standards (e.g. Asset Classification & Protection, Risk Management, etc.)
· Ensure that IT Asset Owners and Managers understand Information Security requirements and related security measures in accordance to business-criticality of IT/OT/business assets
· Lead country Cybersecurity Community in all aspects of Information Security
· Consult all country business units regarding Siemens’ Information Security rules and regulations, identifies required improvements/changes and ensures their implementation
· Support country business units in ISO 27001 / IEC 62443 certification
· Support planning, budgeting and roll-out of Information Security processes, tools and/or solutions
· Collaborate with local production site / plant management and OT security experts regarding production security and relation / integration with Information Security
· Drive implementation and execution of all Cybersecurity processes (e.g. Risk management, Exception Handling, Incident Management, Vulnerability Management, Continues Improvements, etc. ) in the area of responsibility
· Collaborate with local / regional IT management to ensure all Information Security-related controls and measures are implemented, managed, controlled and reported
· Define, monitor, manage and report Information Security performance targets for area of responsibility, aligned with overall Information Security Strategy and IT Information Security performance metrics
· Direct and participate in the Information Security Incident Handling Process
· Report Information Security incidents in accordance with the Information Security Incident Handling process
· Engage with Enterprise Risk Management for Information Security risks in country and understands it from a business and region / country point of view to foster greater understanding of managing enterprise risks as it relates to cyber security threats and the broader threat landscape
· Ensure organizational and engineering measures of information protection are taken, including cryptographic information protection
· Ensure compliance with the requirements of the current legislation of the Russian Federation, as well as countries within the area of responsibility in the field of information protection, cryptographic information protection.
What is needed to qualify for the position?
· More than 5 years of experience in information security
· Education degree in Computer Science or Business Information Technology, ideally with a focus on information security
· Knowledge of ISO 27001, IEC 62443
· Experience in risk managenet with ability to assess security threats, to identify appropriate risk mitigation measures and risk impact on organization
· Experience with functional leadership in matrix organizations
· Excellent communication skills including fluent business English (verbal and written) and Russian
· Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Information Systems Auditor (CISA)
· Strong understanding of current technology trends, security best practices, and cyber security threats
· High professional education in the field of "Information Security" in accordance with the All-Russian qualifier of specialties and (or) who has undergone retraining in one of the specialties in this area (standard period is more than 500 class hours), and also having experience in the field of work performed under licensed activities for at least 3 years confirmed by certificate of employment
· Mobility of up to 30% for business travel within country
Organization: Digital Industries
Company: OOO Siemens
Experience Level: Experienced Professional
Job Type: Full-time