Team- und Partner-Assistenz (m / w / d)

The Security Consultant is a key player in ensuring the security and integrity of our GKN Automotives technical estate. They are responsible for the design, implementation, and management of security measures to protect information assets, as well as IT and OT infrastructure. As a subject matter expert (SME), they will have deep technical knowledge and provide critical support and assurance throughout the project lifecycle, from initial engagement to post-implementation review. They also contribute to Business As Usual (BAU) processes, including change management and software request evaluations. The Security Consultant identifies potential risks, devises strategies to mitigate them, and ensures adherence to industry standards and regulations. Collaborating closely with various teams, they embed robust security practices into both technology and business operations, safeguarding the organization against evolving threats.

Key Responsibilities

1. Project Assurance: As the security assurance SME, they will lead the integration of security into projects. Provide expert guidance to project teams and business stakeholders, ensuring the development of secure solutions that align with security policy, best practice, and enable business objectives.
2. Security Design: Develop, implement, and maintain security designs to protect the organization’s information assets. Design and oversee the deployment of secure solutions across various platforms, ensuring their integration into the enterprise design.
3. Risk Assessment and Management: Conduct comprehensive security assessments to identify vulnerabilities and threats. Develop and implement effective risk mitigation strategies and plans. Stay informed about the latest cybersecurity threats and update the organization’s defenses accordingly.
4. Policy and Compliance: Ensure the organization’s compliance with relevant regulations, standards, and best practices (TISAX, ISO 27001, NIST, GDPR). Ability to collate evidence and represent artifacts to external auditors.
5. Technical Oversight and Guidance: Provide technical expertise and guidance on security architecture and best practices to IT, cross-functional teams, and business stakeholders. Review and approve security configurations and changes to the IT and OT infrastructure.
6. Collaboration and Communication: Collaborate with IT, development, and business teams to integrate security into all aspects of the organization’s operations. Communicate security risks, incidents, and recommendations to senior management and stakeholders. Stay current with emerging security trends, technologies, and best practices. Continuously evaluate and enhance the organization’s security posture. Participate in industry forums and professional groups to share knowledge and stay informed about the latest developments in cybersecurity.

Skills

• Deep understanding of security principles and practices in projects.
• Extensive experience and technical depth in either network, application, or system security controls in their design and the risks they mitigate.
• Experience with data centre transformation programmes and ERP platforms and transformation programmes.
• Proficiency in security technologies and tools such as cloud technologies, firewalls, IDS/IPS, SIEM, DLP, and encryption.
• Understanding of cloud infrastructure (AWS, Azure, etc.).
• Strong analytical and problem-solving skills.
• Excellent communication and interpersonal skills.
• Ability to work effectively in a collaborative team environment.
• Knowledge of regulations and compliance requirements and security frameworks (TISAX, ISO 27001, NIST, CIS, GDPR).
• Experience in the automotive industry is advantageous.

Education

Degree or Equivalent Level. Relevant certifications such as CISSP, CISM, are highly desirable.

Experience

At least 5-7 years of experience in information security, with a focus on security design and supporting projects/programmes as the security technical authority. Proven experience in conducting risk assessments and developing security policies. Experience in managing and implementing security technologies and solutions. Demonstrated ability to communicate security concepts and risks to both technical and non-technical audiences.