Head of Security (m/f/d)

About us

Spryker Systems GmbH is a fast-growing technology company that offers leading manufacturers, brands and retailers across all industries a flexible commerce solution along all customer touchpoints, from online shops to mobile, voice, chatbots, blockchain or IoT use cases. Our modern offices are located in the digital German metropolises of Berlin and Hamburg.
The international Spryker team constantly works with new, exciting customers, technologies and innovative approaches, and is looking for talented people who want to revolutionize the digital commerce world with us.

In a nutshell

In spite of corona, our business is thriving and digital transformation is on a new rise, so come and join us. We are growing rapidly!

Spryker is seeking a Head of Security. The Head of Security is responsible for the organization's Security Program including but not limited to daily operations of the IT security program, oversight of the annual and ongoing risk assessment process, development, implementation, and maintenance of policies and procedures.

The Head of Security serves as the process owner of all assurance activities related to the availability, integrity and confidentiality of customer, business partner, employee and business information in compliance with the organization's information security policies. A key element of this role is working with executive management to determine acceptable levels of risk for the organization.

This position is responsible for establishing and maintaining a corporate-wide Information Security Management System to ensure that information assets are adequately protected, as well as for investigating and tracking incidents and breaches, in compliance with GDPR requirements, ISO2700x and SOC2 standards, and laws.

Your challenges

  • Develop, implement and monitor a strategic comprehensive information security program that defines, develops, maintains and implements policies and processes that enable consistent, effective information security practices which minimize risk and ensure the integrity, confidentiality and availability of information that is owned, controlled and processed within the organization. Ensures information security policies, standards, and procedures are up-to-date.
  • Work directly with the business units to facilitate risk assessment and risk management processes
  • Initiates, facilitates, and promotes activities to foster information security awareness within the organization.
  • Creates a culture of cyber security, both within the IT organization and by driving behavioral changes for the business.
  • Evaluates security trends, evolving threats, risks and vulnerabilities and applies tools to mitigate risk as necessary.
  • Ensure that the disaster recovery, business continuity, risk management and access control needs of the facility are addressed.
  • Establishes and administers a process for investigating and acting on security incidents, which may be related to privacy breaches.
  • Partner with business stakeholders across the company to raise awareness of risk management concerns

Your profile

    • 7+ years of experience in a combination of risk management, information security and IT jobs
    • A bachelor's or master's degree in computer science or a technology-related field is required
    • Professional security management certification (e.g. CISSP or CISM)
    • Knowledge of common information security management frameworks, such as ISO/IEC 2700x, SOC2 and NIST.
    • An overall understanding of scripting and programming languages, such as PHP, Python, JavaScript, etc.
    • 5+ years of experience with information security enterprise technology such as: Firewalls, SIEM, VPN, DMZ, MFA, WAF, Intrusion Detection/Prevention, Encryption, Anti-virus, Cloud security, SOC operations, identity management, etc.
    • Excellent written and verbal communication skills and high level of personal integrity
  • Nice to have:
    • Experience in administering UNIX/Linux systems and services
    • Specific experience in Agile (SCRUM) software development or other best in class development practices.
    • Experience with Cloud computing/Elastic computing across virtualized environments (AWS, Azure, GCP).
    • Experience with OWASP, CSA frameworks and CIS Benchmarks
    • Experience with security assessment, network scanning and penetration testing tools
    • In depth project management skills

What we offer: 5 reasons to join the Spryker team

  • We challenge and grow: our mission is to provide each Sprykee with a framework for holistic and regular 360 feedback and personal and professional development, enabling you to master daily challenges and develop personal and professional skills.
  • We care about our herd: we provide you with great onsite experience within our office and beyond. To support your health we offer fresh fruits, healthy cereals, and cool drinks, discounts on Urban Sports memberships, height-adjustable/standing desks, and free flu vaccinations. To invest in your future, we offer a company pension scheme and free German language classes.
  • We celebrate our success: company events, team events, thanksgiving dinners, “Glühwein” nights, regular “herd events” such as cocktail mixing workshops, BBQ, movie nights and many more allow you to get in touch and exchange with colleagues living the Spryker spirit.
  • We focus on our vision: join an ambitious journey while having the perks of being responsible for your own time management, flexible working hours, and home office.
  • We live constant innovation: constant innovation is not only essential to our product but the key to our DNA in all areas of business. Choose between the newest hardware versions, e.g. Mac or Lenovo laptops, and work on the latest business models and technologies.