With its 7,000 employees, Siemens Corporate Technology (CT) works hand in hand with the company’s business units to ensure Siemens’ future.
CT conducts research with internal and external partners, including leading universities and promising start-ups. These collaborative endeavours focus on a wide range of future technologies with a view to securing them with patents and supporting them through commercialization.
CT also provides development services for Siemens’ business units and supports them with methods and tools related to business excellence.
We are looking for a Senior Auditor - ISO 27001 (m / f)
What are my responsibilities?
Lead cyber security monitoring team with internal and external personnel
Prepare and conduct IT Security ISO 27001 / NIST audits and coordinate friendly hacking activities on Siemens systems, products, solutions and services
Discuss on eye-to-eye level with security architects to challenge their assumptions and improve their solutions whenever possible
Design attack scenarios to jeopardize state-of-the-art technologies and prove if they are vulnerable.
Drive pre-27001-audit planning and perform analysis to ensure a baseline understanding of the IT landscape under the scope and the related processes and controls
Provide timely status updates to the engagement manager, ensure escalation of potential issues and actively seek clarification on engagement task requirements
Use analytical skills to identify root causes of findings and assist clients in developing improvement measures
Participate in closing meetings with management
Sponsor new IT Security related internal processes, tools and documentation improvements
Provide insight and conduct research on latest developments in IT security technologies and threats
Lead engagements reporting to high management
Coach Cybersecurity analysts and working students
What do I need to qualify for this job?
Strong academic history (university degree in IT, Computer Science, Engineering or other related fields)
At least 4-6 years of professional experience within Siemens or a related industry, or a Big 4 accounting firm in the fields of IT security audit, cyber security, penetration testing and / or development of industrial IT services and solutions
Willingness to learn about the latest trends in cybersecurity and keep up to date in a continuously challenging environment.
ISO 27001 lead auditor a plus
Experience with agile methods / SCRUM
Profound knowledge of some of the following: cybersecurity, SAP security, SCADA, Web application testing, mobile security, IT general controls, data protection and information security requirements, industrial security controls, software development lifecycle, COBIT
Solid project management skills, with experience in working in multicultural environments
Good scripting and programming skills preferred but not required
Good communication and presentation skills
Fluent in English (spoken and written)
Willingness to travel up to 80% of your time globally (main country Germany)
Motivated, creative, proactive, innovative, communicative, with solid analytical skills, self-guided way of working
Certifications like OSCP, CEH, CISSP, CISA, CISM preferred but not required
Organisation : Global Services
Experience Level : Professional
Job Type : Full-time