BASF
Website:
basf.com
Job details:
Main Tasks:
- Ensuring Compliance with Security and Regulatory Requirements: Monitor and assess adherence to legal, regulatory, and internal requirements in information security and data protection.
- Conducting Audits and Assessments: Plan, coordinate, and execute internal and external audits as well as risk and compliance assessments to identify vulnerabilities and areas for improvement.
- Consulting and Training: Support and raise awareness among business units and employees on compliance and security topics; conduct awareness training sessions.
- Risk Management: Identify, assess, and track risks related to information security and compliance; develop and implement risk mitigation measures.
- Reporting and Communication: Prepare compliance status reports and communicate results and recommendations to management and relevant stakeholders.
- Collaboration with Internal and External Partners: Work closely with IT, data protection, legal, internal audit, as well as external auditors and authorities.
- Preparation and Support of Certifications: Assist in the preparation and execution of certifications (e.g., ISO 27001, TISAX) and ensure ongoing compliance with requirements.
- Continuous Improvement: Analyze incidents, derive lessons learned, and continuously enhance compliance and security processes.
Minimum Education and Qualification Requirements for the Position:
- Degree in IT, business informatics, engineering, or a comparable qualification.
- Several years of professional experience in information security, compliance, audit, or risk management.
- Knowledge of relevant standards and legal requirements (e.g., ISO 27001, GDPR, NIS2).
- Analytical thinking, strong communication skills, and assertiveness.
- Certifications such as CISA, CISM, CISSP, or ISO 27001 Lead Auditor are an advantage.
Soft Skills:
- Exceptional collaboration and interpersonal skills with a proven ability to foster cooperation and empower a diverse team.
- Strong strategic thinking and problem-solving capabilities.
- Excellent communication and interpersonal skills, facilitating effective collaboration with diverse stakeholder groups at all levels.
Tools and Technology Skills:
- Proficient in GRC tools for managing governance, risk, and compliance processes, ensuring effective integration and reporting.
- Familiarity with security frameworks and compliance standards such as ISO 27001, NIS2, and the Cyber Resilience Act, to ensure proper alignment with regulatory requirements.
- Proficiency in utilizing collaboration tools such as M365 and SharePoint to streamline communication and documentation within teams.