Head of Security (m/f/d)

at  GieseckeDevrient

G+D MAKES THE LIVES OF BILLIONS OF PEOPLE AROUND THE WORLD MORE SECURE. WE CREATE TRUST IN THE DIGITAL AGE WITH INTEGRATED SECURITY TECHNOLOGIES IN THREE BUSINESS AREAS: DIGITAL SECURITY, FINANCIAL PLATFORMS AND CURRENCY TECHNOLOGY. WE HAVE BEEN A RELIABLE PARTNER FOR OUR CUSTOMERS FOR OVER 170 YEARS WITH OUR INNOVATIVE SOLUTIONS FOR SECURITYTECH! WE ARE AN INTERNATIONAL TECHNOLOGY GROUP AND TRADITIONAL FAMILY BUSINESS WITH OVER 14,000 EMPLOYEES IN 40 COUNTRIES. CREATING CONFIDENCE IS OUR PATH TO SUCCESS. TRUST IS THE BASIS OF OUR CO-OPERATION WITHIN G+D. MAYBE SOON FOR YOU TOO?

G+D makes the lives of billions of people more secure. We develop innovative products and solutions to secure payments, identities, connectivity and data. With more than 160 years of experience and new passion every day. As an international technology group and traditional family business with over 14,000 employees in 32 countries. We are convinced that various central banks will introduce a digital version of their currency, a so-called Central Bank Digital Currency (CBDC) in the coming years. This will create an entirely new market for products and services that fit perfectly with Giesecke+Devrient’s product portfolio. It especially requires an outstanding team to deliver a disruptive innovation of that magnitude. For this, we have set up G+D advance52 GmbH as an independent start-up with a team that has a clear mission for growth and to create a substantial product business.Security is the most crucial prerequisite for the introduction and operation of a CBDC ecosystem. In this domain we expect yet to be defined security standards way beyond standard payment rails. We need to ensure that we guarantee the required security in terms of our technical design, the product portfolio we build, the operation of a CBDC ecosystem and also from an organizational perspective. We are therefore looking for a Head of Security - CBDC (m/f/d) to take on these challenging tasks and ensure that we provide the level of trust that G+D has been valued for by its customers for 170 years.

DESIRED EXPERIENCE:

• Master degree in computer science, security / information security or a related field including engineering, mathematics, physics and other STEM subjects, or equivalent professional experience (5+ in a comparable position in industry or public functions)
• Several years of professional experience in security management functions
• Experience with internal investigations and incident management
• Relevant certifications in the field of Information Security Management is an advantage (e.g. CISA, CISM, ISO 2700x Auditor)
• Knowledge and practical experience in the application of relevant standards and norms (e.g. ISO 27xxx, Common Criteria, PCI SSC guidelines, NIST Cybersecurity Framework)
• Experience with security audits, certifications and the planning, implementation and follow-up of internal and external audits in connection with the group risk management system
• Distinct ability to communicate security problems in a target group-oriented manner
• Plus: Experience in IT-security on a critical infrastructure/governmental level
• Plus: Knowledge and practical experience in the application of relevant standards and norms (e.g. OWASP SAMM, Common Criteria, PCI SSC guidelines, NIST Cybersecurity Framework)

• Define and continuously assess the security strategy of our CBDC product offering
• Derive the security requirements of the solution, on individual component and on system levels, based on the business use cases and in close alignment with the corporate security strategy
• Develop and maintain a security management system that fosters appropriate training and awareness related to software development security, including secure coding practices and threat modelling
• Conduct and coordinate internal security audits of software development processes and tools, and manage external audits related to software development practices
• Ensuring Compliance with Security Standards: Establish, improve and maintain adherence to an information security management system (such as ISO 27k) as well as internal policies
• Constantly raise awareness for security related topics among all teams and give advice how to implement relevant security measures into our development processes and secure operations
• Authority to lead major security related incident-, emergency- and crisis situations and represent G+D advance52 in a corporate crisis team in case of overarching security incidents
• Point of contact for security relevant industry organizations, other customer’s security departments and relevant authorities