Information Security Consultant / Cyber risks Manager
About the Role
Location: Portugal, Lisboa, Amadora
Remote vs. Office: Hybrid (Remote/Office)
Company: Siemens Energy Unipessoal Lda.
Organization: EVP Global Functions
Business Unit: Digital Core
Full / Part time: Full-time
Experience Level: Early Professional
A Snapshot of Your Day
Starting the morning, you will discuss with colleagues from different areas and backgrounds the current meaningful topics in our company and the related cyber risks that require assessments, and then work with them to build significant risk assessment plans. Before noon, you will already have engaged with business or IT colleagues to understand how they are implementing controls and mitigating the risks you previously identified. At the end of the day, you will be finishing your report presentation, showing the improvement points (if any were found) that the stakeholders of the identified risks will have to implement in order to mitigate them as expected.
How You'll Make an Impact
1. Support corporate and manufacturing business areas in certifying for the ISO 27001 standard
2. Support the business to remediate nonconformities found in ISO 27001 assessments and to defend the ISMS against external ISO Auditors
3. Planning and performing 2nd line of defense security assessments regarding IT and OT infrastructures, products, solutions, services and their related processes and controls
4. Support business, IT and cybersecurity areas in identifying cyber risks and defining strategies for managing them
5. Driving Cybersecurity improvement projects throughout the development and procurement lifecycle together with the stakeholders
6. Identifying root causes of findings and assisting business and other functions in developing improvement measures
7. Participating in or leading project closing meetings with management, and mentoring working students and junior collaborators.
What You Bring
1. University degree in Information Technology, Engineering or similar; certificates such as ISO 27001 lead auditor, CISSP, CISA and CISM are a plus.
2. 1+ years of professional experience in any of the following: IT audit, information security, cybersecurity, IT risk management, IT GRC, IT general controls, or development of industrial IT services and solutions.
3. Very good knowledge of ISO 27001 and some of the following: cybersecurity, IT governance, IT audit, COBIT, OT security (IEC 62443), secure software development lifecycle.
4. Knowledge of some of the following is a plus: SCADA/ICS, cloud security, agile methodologies, mobile security, data protection, ITIL, network security.
5. Willingness to travel, and therefore business-fluent English language skills (English at C1 level). German and Portuguese language skills are a plus.
6. Very good communication and presentation skills, as well as willingness to learn about the latest trends in cybersecurity and keep up to date in a continuously challenging environment.
7. Furthermore, you bring multicultural sensitivity and innovative thinking with proven analytical skills.