Your Tasks:
* Conducting regular risk and threat analyses to review the ICT risk management framework, assess the effectiveness of risk controls and ensure compliance with regulatory requirements and internal Group guidelines.
* Continuous monitoring of information security measures and reporting to management to assess the risk situation and, based on this, supporting management in determining risk appetite.
* Independent development and implementation of measures to minimize risk (e.g. developing clear security guidelines that regulate the handling of sensitive data and IT resources, providing regular information on current threats and security measures, etc.).
* Ensuring the proper handling, classification and internal (relevant bodies within TKG) and external (supervisory authorities) reporting of ICT-related incidents.
* Ensuring compliance with the requirements of the DORA Regulation by third-party providers, in particular monitoring and evaluating the security measures of third-party providers.
* Promoting security awareness within the company, particularly in connection with the initiation and coordination of training and awareness-raising measures on information security for employees.
* Coordinating the implementation of the information security requirements of the shareholder TFSC (GISG = Global Information Security Group) for TKG and the TKG Group. This also includes supporting the annual security assessments by the GISG.
* Ensuring coordination and cooperation with the data protection officer and risk management for third parties.
* Performing the function of Information Security Officer (ISO) in accordance with the legal requirements for TKG, TKG Institute and TKG Group.
* Coordination of tasks between the first (1LoD) and second (2LoD) line of defense, in particular prior to the implementation of strategic measures.
* Accompanying and coordinating external audits in connection with information security (statutory audits, central bank regulatory audits, audits of deposit guarantee funds, etc.).
* Leading, motivating and developing a team in line with the Toyota Way and the company's leadership principles.
Your Profile:
* Successfully completed university degree with a focus on IT, cyber security, risk management or a comparable field of study
* At least four years of professional experience in the field of information security, ideally in the financial sector or at a vehicle manufacturer's bank
* Proven experience in the implementation of regulatory requirements, in particular DORA
* Sound knowledge of ISO 27001, ideally combined with corresponding certifications, e.g. CISA, CISM, COBIT, CISSP
* Experience with governance, risk and compliance (GRC) and incident management tools
* Strong analytical and problem-solving skills
* Strong communication skills combined with negotiation skills
* Collaboration in an international and multicultural environment
* Business fluent in English