IT Security Manager – Information Security / Risk Management (m/f/d)

You develop guidelines and framework conditions for information security and ICT risk management. To do this, create concepts, procedure instructions and guidelines. You implement the ICT risk management process in practice and contribute to process improvements. A special focus is on the implementation and control of protection requirements and risk analyses and the definition and control of risk treatment measures. You observe the market on new technologies in the field of information security and ICT risk management, develop proposals for early detection and elimination of vulnerabilities and value CERT notifications to their relevance. You are advising users (m/w/d) on information security and ICT risk management issues and implementing training and awareness-raising measures. Support in the development of a digital operational resilience test program is one of your tasks as well as the cross-checking of appropriate resilience tests. The cooperation or management of BVK-wide projects with regard to information security or ICT risk management is also part of your task. You support the specialist administration of our GRC tool and also work to ensure data protection for our procedures.

You have a completed master or bachelor's degree of (economic) informatics or a comparable qualification with corresponding professional experience. Alternatively, you can demonstrate a completed training in the field of IT and many years of relevant professional experience. You bring sound knowledge in the field of information processing, in particular in the areas of technical IT infrastructure. In addition, you have in-depth knowledge of basic IT protection according to BSI and ISO standard 27001/27002. Compliance rules in the field of finance (e.g. DORA, VAIT) are just as common as regulations in the area of critical infrastructure (KRITIS, NIS2). Ideally, you have already acquired certifications according to BSI-IT-Grundschutz, ISO 27001, CISSP or T.I.S.P. You are familiar with practices of risk management, in particular in the field of information and communication technology. In-depth knowledge in the area of data protection, in particular the General Data Protection Regulation, is also part of your portfolio. You love the challenge of analysing complex issues in order to develop solutions that are independent and independent of demand. In addition, you are characterized by a very good planning and organizational capability. You want to contribute to our team and have fun to promote topics reliably and actively. In addition, it is easy for you to communicate facts precisely and you have a safe occurrence. Very good German knowledge (at least level C1) complete your profile.

a demanding task with social added value in a future-proof workplace. 60% of your working time (remote) from home office with enough room for family and leisure. flexible sliding time control without fixed core time - suitable for your life. an occupational pension scheme financed exclusively by employers' contributions. active support in your continuing education and training. an in-house restaurant with freshly prepared dishes. a versatile health promotion with sports, massage and course offers. Jobticket or parking - as required. a remuneration according to pay group 13 TV-L taking into account your professional experience. an over-tariff supplement with a power cover. .