The Information Security Officer is responsible for the implementation and execution of the Siemens Information Security Regulations for Information Technology and Operations Technology within Siemens Regional Company of Czech Republic in full alignment with the Global Siemens Cybersecurity Strategy.
He is reporting to the Cybersecurity Officer of Czech Republic.
· Support of the Country Cybersecurity Officer in the identification of cybersecurity (IT, OT, PSS) demands of country Operating Companies, Functions and local/regional IT business partners
· Identification and analysis of local Information Security demands / gaps in Information Security awareness and processes and collaborate with the Operating Company and global Cybersecurity for the development and roll-out of appropriate solutions
· Development and execution of Information Security awareness campaigns and Trainings in the area of responsibility.
· Drive capability and innovation for existing and new Cybersecurity topics and solutions in area of responsibility.
· Support the Country Cybersecurity Officer in establishing and maintaining key relationships, collaborations and partnerships for the awareness and improvement of Information Security all Business Units/Function and IT
· Collaboration with all business units to identify business critical assets and to protect these assets according to Siemens standards (e.g. Asset Classification & Protection, Risk Management, etc.).
· Ensure that IT Asset Owners and Managers understand Information Security requirements and related security measures in accordance to business-criticality of IT/OT/business assets
· Lead country Cybersecurity Community in all aspects of Information Security.
· Consult all country business units regarding Siemens’ Information Security rules and regulations, identifies required improvements/changes and ensures there implementation.
· Support country business units in ISO 27001 / IEC 62443 certification
· Supports planning, budgeting and roll-out of Information Security processes, tools and/or solutions
· Collaboration with local production site / plant management and OT security experts regarding production security and relation/ integration with Information Security
· Responsible to drive implementation and execution of all Cybersecurity processes (e.g. Risk management, Exception Handling, Incident Management, Vulnerability Management, Continues Improvements, etc. ) in area of responsibility.
· Collaborate with local/regional IT management to ensure all Information Security-related controls and measures are implemented, managed, controlled and reported
· Define, monitor, manage and report Information Security performance targets for area of responsibility, aligned with overall Information Security Strategy and IT Information Security performance metrics.
Responsible for participating
in and directing the Information Security Incident Handling Process in
accordance with the role assigned to him/her during the declaration of an Information
Security incident (this role may span from managing the process and all team
members, or participating as a key member under a designated lead).
Responsible for reporting Information Security incidents in accordance with the Information Security Incident Handling process
· Engage with Enterprise Risk Management for Information Security risks in country and understands it from a business and region/country point of view to foster greater understanding of managing enterprise risks as it relates to cyber security threats and the broader threat landscape
Job ID: 192334
Organization: Digital Industries
Company: Siemens, s.r.o.
Experience Level: Mid-level Professional
Job Type: Full-time