Corporate Information Security & Risk Manager

Date: 26-Jun-2019

Location: Lisbon, Portugal

Company: Panalpina

Req ID: 159557
Job Function: IT
Full-Time/Part-Time: Full-time
Contract Type: Permanent
Job Level: Professional

The Panalpina Group is one of the world's leading providers of supply chain solutions, combining its core products of Air Freight, Ocean Freight, and Logistics to deliver globally integrated, tailor-made end-to-end solutions. The Panalpina Group operates a global network with some 500 offices in more than 70 countries, and employs around 16,000 people worldwide.

We are looking to hire a Corporate Information Security & Risk Manager for our Centre of Excellence (CoE) in Portugal.

Purpose of the position:

* Support the information security governance & risk management capabilities. These include reviewing, implementing and overseeing the information security governance model, the security policy & compliance framework and the security risk management practice.

* Monitor adherence to corporate security policies and ensure the effectiveness of security controls.

* Partner with IT, business groups, project teams and 3rd parties to ensure protection of the confidentiality, integrity and availability of Panalpina information assets

Key Tasks include:

* Define and implement Panalpina’s risk-based information security strategy and roadmap

* Develop, implement and enforce Panalpina’s information security policies, standards, controls and processes

* Track developments of cyber and information security standards, while assessing the adequacy of the security controls to ensure continual improvement

* Drive, mature, and improve organizational security, risk identification and remediation processes, and risk tracking mechanisms

* Conduct security risk assessments for applications, business processes, vendors, and other use cases

* Provide security advice and guidance to IT projects, operations, as well as to business functions; support in implementing security requirements

* Respond to and assist with audits, assessments, compliance requests and support RFPs, RFIs, RFQs

* Partner with all areas of the business, including internal auditors, legal, IT and business partners, and promote cyber security and risk awareness across business functions and regions

Knowledge and experience required:

* A Bachelor’s or Master’s degree in Information Technology, Computer Science or Cyber Security

* Minimum 5 years of experience in information security, risk management and/or IT audit

* Strong IT knowledge and understanding of information security management frameworks (such as ISO/IEC 27001, COBIT or NIST), audit methodologies and regulatory requirements pertaining to information security, privacy and/or data security

* Expertise in principles, practices, and techniques related to cyber and information security, strong skills in information security scanning and auditing tools as well as business continuity and disaster recovery

* A professional information security certification, such as CISM, CISSP, CISA, CRISC, is preferred

* Hands-on experience in one or more areas (secure web application development, security engineering, secure systems administration) is preferred

* Excellent planning, documentation writing and communication skills

* A high level of fluency in English, both written and verbal, is required