Über unsDie Spryker Systems GmbH ist eine schnell wachsende Technologie-Company, das führenden Herstellern, Marken und Händlern aller Industrien eine flexible Commerce Lösung entlang aller Kunden-touchpoints bietet. Vom Onlineshop über Mobile, Voice, Chatbots, Blockchain oder IoT Anwendungsfälle. Unsere modern ausgestatteten Büros befinden sich in den digitalen deutschen Metropolen Berlin und Hamburg.
Das internationale Spryker-Team arbeitet ständig mit neuen, spannenden Kunden, Technologien, innovativen Ansätzen und ist auf der Suche nach talentierten Mitarbeitern, die mit uns die digitale Commerce Welt revolutionieren wollen.
In aller KürzeIn spite of corona, our business is thriving, digital transformation is on a new rise, so come and join us, we are rapidly growing!
Spryker is seeking an Information Security Officer. The Information Security Officer is responsible for the organization's Security Program including but not limited to daily operations of the IT security program, oversight of the annual and ongoing risk assessment process, development, implementation, and maintenance of policies and procedures.
The Information Security Officer serves as the process owner of all assurance activities related to the availability, integrity and confidentiality of customer, business partner, employee and business information in compliance with the organization's information security policies. A key element of this role is working with executive management to determine acceptable levels of risk for the organization.
This position is responsible for establishing and maintaining a corporate-wide Information Security Management System to ensure that information assets are adequately protected, as well as investigation and tracking of incidents and breaches and in compliance with GDPR requirements, ISO2700x and SOC2 standards, and laws.
- Develop, implement and monitor a strategic comprehensive information security program that defines, develops, maintains and implements policies and processes that enable consistent, effective information security practices which minimize risk and ensure the integrity, confidentiality and availability of information that is owned, controlled and processed within the organization. Ensures information security policies, standards, and procedures are up-to-date.
- Work directly with the business units to facilitate risk assessment and risk management processes
- Initiates, facilitates, and promotes activities to foster information security awareness within the organization.
- Creates a culture of cyber security both with the IT organization and driving behavioral changes for the business.
- Evaluates security trends, evolving threats, risks and vulnerabilities and applies tools to mitigate risk as necessary.
- Ensure that the disaster recovery, business continuity, risk management and access controls needs of the facility are addressed.
- Establishes and administers a process for investigating and acting on security incidents, which may be related to privacy breaches.
- Partner with business stakeholders across the company to raise awareness of risk management concerns
- 7+ years of experience of experience in a combination of risk management, information security and IT jobs
- An owner of a bachelors or masters degree in computer sciences or a technology-related field required
- Professional security management certification (e.g. CISSP or CISM)
- Knowledge of common information security management frameworks, such as ISO/IEC 2700x, SOC2 and NIST.
- 5+ years of experience with information security enterprise technology such as: Firewalls, SIEM, VPN, DMZ, MFA, WAF, Intrusion Detection/Prevention, Encryption, Anti-virus, Cloud security, SOC operations, identity management, etc.
- Excellent written and verbal communication skills and high level of personal integrity
- Nice to have:
- Experience in administering UNIX/Linux systems and services
- Specific experience in Agile (SCRUM) software development or other best in class development practices.
- Experience with Cloud computing/Elastic computing across virtualized environments (AWS, Azure, GCP).
- Experience with OWASP, CSA frameworks and CIS Benchmarks
- Experience with security assessment, network scanning and penetration testing tools
- In depth project management skills
Das bieten wir – 5 Gründe Teil der Spryker Herde zu werden
We integrate work into our lives, not the other way around: To be your most productive, creative, and amazing self, make use of our work from anywhere policy, benefit from flexible and unlimited vacation days and flexible working hours from 6 am to 10 pm. To support your health, in our newly designed offices, we offer fresh fruits, healthy cereals, and cool drinks. Benefit from our remote budget and set up your own personalized mobile office.
We challenge and grow: Our mission is to provide each Sprykee with a framework for holistic and regular 360° feedback as well as for personal and professional development, enabling you to master daily challenges and continuously develop your own skills further via self-learning tools and training. To invest in your future, we offer a company pension scheme and free language classes.
We focus on our vision: Join an ambitious global journey, work and collaborate with masterminds and best in class colleagues while enjoying trust, flexibility, and full ownership to excel in an outcome-oriented environment. Go green with us, Spryker is a climate-neutral company and together with our employees, we support climate action projects. Grasp our vision even better during our regular all-hands and executive Q&A sessions.
We celebrate our success: Knowledge sharing sessions, digital Yoga and work-out classes, thanksgiving dinners, “Glühwein” nights, regular “herd events” such as cocktail mixing workshops, BBQ, movie nights and many more allow you to get in touch and exchange with colleagues living the Spryker spirit and never stop learning.
We live and breathe innovation: Constant innovation is not only essential to our product but the key to our DNA in all areas of business. Choose between the newest hardware versions e.g. Mac or Lenovo laptops and work on the latest business models and technologies. We strive for excellence in everything we do, so help us by providing feedback and suggestions via regular internal pulse surveys.