Global IT Security Governance Risk and Compliance Lead (m/f/d)

at  Olympus Europa SE Co KG OEKG

Your responsibilities

• Assist Global IT Security Head with day to day activities, including and not limited to IT Governance, Security Architecture reviews, Security Operations, IT Security Projects, Compliance, Policies, Controls, Standards, Audits, Global/Regional Regulations, IT budget preparations, Board meetings, CxO reviews and presentations, etc.
• Working on an alternate shift to support Head of IT Security to cover global region 24/7.
• Accountable for GRC capability areas such as enterprise security risk management, compliance management, policy management, security awareness training, third party risk management, metrics and reporting.
• Ensure Cyber security policies and procedures are communicated to all personnel and that compliance is enforced.
• Update the Cyber Security strategy to leverage new technology and threat information.
• Drive to perform periodic reviews of Olympus security compliance programs to support various compliance regulations both regional and global.
• Oversee IT Security Projects in all regions.
• Accountable to ensure compliance with the changing laws and applicable regulations.
• Lead the Global GRC teams, employees, contractors and vendors including hiring and mentoring.
• Accountable to own and manage the GRC tool with updated IT risk register, controls, gaps, remediation and reporting.
• Coordinate and track all information technology and security related audits.
• Work closely with MSP’s, and business teams to drive towards a cohesive view of security risk and drive open remediation items to closure globally.
• Direct and approve the design of IT Security systems.
• Brief the executive team on IT Security status and risks, including taking the role of champion for the overall strategy and necessary budget.
• Communicate best practices and risks to all parts of the business, outside IT.
• Partner with a regional CIO to be key contact for security initiatives, understanding and supporting regional business requirements and represent the global security team in Information Security & Privacy and other business meetings.
• GRC Lead will work closely with other security tower leads to provide guidance and mentorship (ex; Security Architecture, Identity Access Management, Security Operations, etc.).
• GRC Lead will be responsible for managing the global GRC team with direct reports in USA, EMEA, China, Japan and Asia-Pacific.
• Manage the Global GRC team, including hiring.
• Provide training and mentoring to Security team members.
• Making sure regional support is available for collaboration with Olympus businesses and MSPs.
• Ensuring regional teams are appropriately skilled in IT Security, and providing recommendations to global IT Security Head if upskilling is required.
• Presenting monthly IT Security KPIs to leadership team.
• Initiate quarterly/mid-year/yearly reviews of GRC team, provide feedback and assess growth potential.
• Develop methods to monitor and measure skills and capabilities of GRC team.
• Provide regional support for any security incidents or operational issues; and other responsibilities / duties as assigned.

Your qualification

• A minimum of a Bachelor’s degree IT/ Information Systems / Business/ Technology.
• Should hold at least one security certification (ex: CISM, CISSP, CISA, CRISC, CCSK, Certified CISO, PMP, etc.)
• Minimum 12 years of Information Technology/Security work experience collaborating with different parts of the organization; emphasis on developing and implementing IT Security Policies, standards and procedures that lead to substantive improvements in Information security compliance with large scale companies.
• At least 10 years of Leadership and/or Management experience.
• At least 7 years of experience in Information Security Governance.
• Knowledge of industry leading Information Security protection practices.
• Thorough Knowledge and understanding of Cybersecurity Frameworks, like ISO 27001/27002, NIST, CoBiT, BCM, ITIL, GDPR, ITAR, SOX (JSox) and IT Risk Management.
• Internally and externally recognized subject matter expert that influence the way things are done.
• Demonstrated consulting skills, with IT Security concepts and strategies, including communication, culture change and performance measurement system design.

• Embrace and lead change effectively and cultivate an environment of security driven thinking, innovation, experimentation, rigor and continuous improvement.Results oriented, high energy, inspirational and self-motivated leader.

Your benefits

• Flexible working hours, remote work possible (up to 60%)
• 30 days of holidays per year
• Modern office and an inspiring working environment
• Employee restaurant with live cooking and healthy food (subsidized)
• Public transport ticket (100 % subsidized) or free parking space
• Company sport groups and an inhouse company gym
• Employee Assistance Program to support your health, mental and emotional well-being
• A comprehensive company pension scheme
• Company medical officer and vaccination offers
• Childcare through our ‘Buttje&Deern’ partner
• Bike leasing

• Assist Global IT Security Head with day to day activities, including and not limited to IT Governance, Security Architecture reviews, Security Operations, IT Security Projects, Compliance, Policies, Controls, Standards, Audits, Global/Regional Regulations, IT budget preparations, Board meetings, CxO reviews and presentations, etc.
• Working on an alternate shift to support Head of IT Security to cover global region 24/7.
• Accountable for GRC capability areas such as enterprise security risk management, compliance management, policy management, security awareness training, third party risk management, metrics and reporting.
• Ensure Cyber security policies and procedures are communicated to all personnel and that compliance is enforced.
• Update the Cyber Security strategy to leverage new technology and threat information.
• Drive to perform periodic reviews of Olympus security compliance programs to support various compliance regulations both regional and global.
• Oversee IT Security Projects in all regions.
• Accountable to ensure compliance with the changing laws and applicable regulations.
• Lead the Global GRC teams, employees, contractors and vendors including hiring and mentoring.
• Accountable to own and manage the GRC tool with updated IT risk register, controls, gaps, remediation and reporting.
• Coordinate and track all information technology and security related audits.
• Work closely with MSP’s, and business teams to drive towards a cohesive view of security risk and drive open remediation items to closure globally.
• Direct and approve the design of IT Security systems.
• Brief the executive team on IT Security status and risks, including taking the role of champion for the overall strategy and necessary budget.
• Communicate best practices and risks to all parts of the business, outside IT.
• Partner with a regional CIO to be key contact for security initiatives, understanding and supporting regional business requirements and represent the global security team in Information Security & Privacy and other business meetings.
• GRC Lead will work closely with other security tower leads to provide guidance and mentorship (ex; Security Architecture, Identity Access Management, Security Operations, etc.).
• GRC Lead will be responsible for managing the global GRC team with direct reports in USA, EMEA, China, Japan and Asia-Pacific.
• Manage the Global GRC team, including hiring.
• Provide training and mentoring to Security team members.
• Making sure regional support is available for collaboration with Olympus businesses and MSPs.
• Ensuring regional teams are appropriately skilled in IT Security, and providing recommendations to global IT Security Head if upskilling is required.
• Presenting monthly IT Security KPIs to leadership team.
• Initiate quarterly/mid-year/yearly reviews of GRC team, provide feedback and assess growth potential.
• Develop methods to monitor and measure skills and capabilities of GRC team.
• Provide regional support for any security incidents or operational issues; and other responsibilities / duties as assigned