Responsibilities:
Ensuring Compliance with Security and Regulatory Requirements: Monitor and assess adherence to legal, regulatory, and internal requirements in information security and data protection. Conducting Audits and Assessments: Plan, coordinate, and execute internal and external audits as well as risk and compliance assessments to identify vulnerabilities and areas for improvement. Consulting and Training: Support and raise awareness among business units and employees on compliance and security topics; conduct awareness trainings. Risk Management: Identify, assess, and track risks related to information security and compliance; develop and implement risk mitigation measures. Reporting and Communication: Prepare compliance status reports and communicate results and recommendations to management and relevant stakeholders. Collaboration with Internal and External Partners: Work closely with IT, data protection, legal, internal audit, as well as external auditors and authorities. Preparation and Support of Certifications: Assist in the preparation and execution of certifications (e.g., ISO 27001, TISAX) and ensure ongoing compliance with requirements. Continuous Improvement: Analyze incidents, derive lessons learned, and continuously enhance compliance and security processes.
Qualifications :
Degree in IT, business informatics, engineering, or a comparable qualification. Analytical thinking, strong communication skills, and assertiveness. Expertise in Cyber Security governance, risk, compliance; familiarity with IIA 3 lines of defense governance standards and ISO 27001.Comprehensive understanding of regulatory requirements and industry standards related to Cyber Security risk management and compliance. Solid foundation in Cyber Security control frameworks based on ISO 27001, enabling the identification and implementation of mitigating measures for strategic BASF risks while effectively balancing risk severity with business opportunities and the operational impact on various business units. Proficient in GRC tools for managing governance, risk, and compliance processes, ensuring effective integration and reporting. • Familiarity with security frameworks and compliance standards such as ISO 27001, NIS2, and the Cyber Resilience Act, etc., to ensure proper alignment with regulatory requirements. • Proficiency in utilizing collaboration tools such as M365 and SharePoint to streamline communication and documentation within teams.