Information Security Officer

About Siemens Digital Industries Software

At Siemens Digital Industries Software, the Mendix organization is seeking a proactive and expert Information Security Officer to join the team. In this critical role, you will be instrumental in safeguarding information assets, ensuring compliance with evolving regulatory landscapes, and encouraging a robust security culture across the organization. This position offers a significant opportunity to contribute to the integrity and resilience of the digital infrastructure.

What you'll be doing

As an Information Security Officer, you will be responsible for a range of strategic and operational security initiatives, including:

• Control Design & Operating Effectiveness: Design and evaluate the effectiveness of security controls, assessing their ability to mitigate risks and recommending improvements to ensure they operate as intended and achieve desired security outcomes.
• Compliance Monitoring & Reporting: Proactively monitor compliance against various security frameworks and regulatory requirements (e.g., NIST, ISO 27001, SOC I & II, C5, ISO 42001). Provide actionable recommendations based on standards and report on progress to relevant stakeholders.
• Audit Support: Support internal and external audits by gathering, assessing, and providing necessary evidence to demonstrate compliance.
• Evidence Lifecycle Management: Manage the entire lifecycle of security evidence, from collection and secure storage to version control and eventual archival, ensuring its integrity and availability for audits and compliance checks.
• Policy & Standard Development: Research, establish, and maintain robust information security policies, standards, and procedures tailored to specific organizational needs and emerging threats.
• Security Culture & Communication: Communicate effectively about information security risks, standards, and policy updates, fostering a strong security-conscious culture across the organization.
• Control Implementation & Maintenance: Collaborate with applicable departments to ensure security controls are effectively implemented, maintained, and continuously optimized.

What you'll bring

We are seeking a dedicated professional with a solid foundation in information security and a proactive approach to risk management.

Skills & Qualifications

• Experience: 3-5 years of progressive experience in an Information Security, IT Audit, or Compliance role, demonstrating a solid understanding of information security principles and practices.
• Cloud Security Expertise: Solid understanding of security operations, controls, and best practices within cloud environments (e.g., AWS, Azure, GCP). Experience with cloud security frameworks and tools is highly desirable.
• Framework & Regulation Knowledge: In-depth knowledge and practical experience with a range of information security standards, frameworks, and regulations (e.g., ISO/IEC 27001 family, GDPR, SOC 2 Trust principles).
• Enterprise IT Familiarity: Familiarity with enterprise data environments, system integrations, and software development lifecycles (SDLC).
• Certifications: An independent and active information security certification (e.g., CISM, CISSP, ISO 27001 Lead Implementer, CompTIA Security+) is required.
• Analytical & Problem-Solving: Exceptional analytical and problem-solving abilities to perform detailed gap analyses, identify root causes, and develop practical, effective security solutions.
• Communication: Excellent written and verbal communication skills in English, with the ability to articulate complex security concepts clearly to both technical and non-technical audiences.
• Initiative & Collaboration: High level of initiative, self-direction, and the ability to work independently while also being a strong team player and collaborating effectively across departments.

Why Siemens?

• Impactful Role: The opportunity to play a pivotal role in protecting critical information assets and ensuring compliance in a rapidly evolving digital landscape.
• Professional Growth: Continuous learning and development opportunities to expand your expertise in cutting-edge information security practices and technologies.
• Collaborative Environment: A supportive and inclusive team environment where your contributions are valued, and collaboration is key to collective success.