At Siemens there is an ongoing initiative to monitor and improve the security level in IT Systems and underlying infrastructure by monitoring their compliance with Siemens Cybersecurity policies. Two main streams run in parallel to achieve this:
- An application to monitor in almost real-time the compliance to some of the mandatory Cybersecurity controls based on the input provided by different tools already in place (e.g., vulnerability scan, patch management, CMDB, etc.) and presenting a unified vision with a scoring system based on the risk level of the monitored applications.
- A Cybersecurity training for admins, technical managers and business leaders in charge of applications and the infrastructure below. This training compiles the most relevant cybersecurity body of knowledge, and it is tailored to each responsible role.
The Cybersecurity Governance Expert for internal compliance monitoring will be in charge of the maintenance and evolution of both the training artifacts (wikis, web-based training, test questions, etc.) and the application for cybersecurity regulations compliance monitoring and reporting (by gathering requirements/issues and formalizing them).
Example tasks to be performed as part of the job in the two mentioned areas:
- Application manager for the compliance monitoring tool (INSIGHT):
- Requirements gathering and analysis.
- Change management and specification analysis.
- Adapt the tools to new security regulations or changes to existing ones.
- Review & integration of new internal security-relevant data sources to the monitoring tool.
- Coordination of external developers
- Sprint & release planning in coordination with Cybersecurity Reporting platform team
- Incident & problem Management: Support the resolution of bugs. Developing documentation & training
- Building new and updating existing reports for different partners.
- Single point of contact to all user requests concerning the penalty point system and its consequences.
- SPOC for Key User Community, user requests and communications.
- Updating and adding new content to the training to ensure is aligned with updated cybersecurity policies and requirements as well as with latest technology developments.
- Tracking and monitoring the training progress.
- Coordinate with external or internal providers to maintain and evolve the Web-Based-Training material
- Ensure the adequacy, completeness and validity of questions for the certification test.
- Build up a network of contacts with all Siemens IT and business areas worldwide to be the trusted point of contact to locate new users for the training and awareness. Become the single point of contact for all support requests of the 3 target groups.
What do I need to qualify?
- Master’s degree or equivalent in information security, computer science or engineering.
- Passed exam for one or more security certifications like CISSP, CISM or similar would be valuable (not necessary currently holding the certification)
- more than 6 years of experience in cybersecurity.
- Experience in steering development projects.
- Experience in gathering and formalizing requirements.
- Experience creating security awareness and training materials.
- Experience or knowledge in Agile methodology (usage of JIRA, Confluence).
- Knowledge on ISO and NIST Cybersecurity Frameworks
- Experience in Software Lifecycle Management would be valuable.
- Knowledge on Industrial Security Frameworks would be valuable.
- English fluent proficiency, German is a plus
- Strong communication skills.
- Creativity and innovation
- Interest and drive to continuously improve.
- Basic knowledge on SQL.
You can work from either of our Cybersecurity hubs (Lisbon or Madrid). Please, submit your CV in English.
Join us! Together we can make our digital world more secure.
Do you want to know more about Cybersecurity at Siemens? www.siemens.com/cybersecurity
Diversity at Siemens is our source of creativity and innovation. Having different types of talent and experience makes us more competitive and better able to respond successfully to society's demands. That's why we value candidates who reflect the diversity we enjoy in our company.
Company: Siemens Holding S.L.
Experience Level: Experienced Professional
Job Type: Full-time