Annapurna are partnered with a leading KRITIS organisation to support them in a search for an IT Risk & Security Manager, who reports directly to the CIO.
This individual is responsible for translating IT risk requirements into actionable security measures and technical controls, ensuring that security protocols align with business objectives and regulatory standards, and developing performance metrics to monitor and report on the effectiveness of IT security initiatives.
Key Responsibilities:
- Develop and enforce security governance frameworks, ensuring alignment with organizational and regulatory requirements.
- Oversee IT risk assessments, audit preparations, and compliance evaluations.
- Implement security awareness programs to foster a culture of cybersecurity across the organization.
- Lead security operations, including incident response and escalations, ensuring rapid resolution of security events.
- Drive key security projects, from inception through to completion, ensuring they meet strategic objectives.
- Advance operational technology (OT) security measures and governance protocols to protect critical infrastructure.
- Manage external penetration tests to assess and strengthen system resilience.
Qualifications:
- Bachelor’s degree in Information Systems, Cybersecurity, or a related field (or equivalent work experience).
- An advanced degree (MBA, MS in Information Security) is desirable.
- Proven leadership skills, with the ability to guide and motivate both security and IT operations teams.
- Proficiency in creating, implementing, and enforcing security policies, procedures, and frameworks.
- Familiarity with common information security frameworks such as ISO 2700x, ITIL, TISAX, and COBIT.
- Experience with OT security frameworks is an advantage.
- German fluency at C2 level is mandatory.