VP Head of Cyber Defence Unit (all genders)

The Head of Cyber Defence Unit is responsible for the design, implementation, and operation (PLAN BUILD RUN) of all technical security solutions and processes. They drive the security vision within IT and beyond, in areas like production, digital products, and facility management. The HoITSEC acts as the authority for the development and enforcement of technical enterprise security strategy, standards, and policies. The HoITSEC is also a close sparring partner to the Chief Information Security Officer (CISO) for aligning Information Security Governance and the technical and procedural adoption of ISMS policies and requirements.

Key Responsibilities

• Developing and implementing the IT Security strategy (covering IT infrastructure, IT applications, cloud, on-premise) and incorporating it into the IT strategy.
• Incorporating the IT security strategy into the production and R&D strategies.
• Establishing a companywide enterprise IT security architecture.
• Defining and enforcing technical security standards and operational policies.
• Driving “Security by Design” in relevant business areas.
• Integrating IT Security into IT processes (IT service management, IT operations management).
• Establishing IT security in projects (security concepts, security reviews) and overseeing the whole project portfolio regarding security relevance and priorities.
• Establishing processes for security operations, including running the security operations center/cyber defence center.
• Managing the international IT security organization and its team of security experts.
• Coordinating external IT security suppliers and operators.
• Planning and performing technical and procedural IT Security audits in the areas of architecture, engineering, and operations.
• Reporting vulnerabilities and technical risks to the CIO and CISO.
• Handling security incidents in close cooperation with Information Security Governance (CISO).
• Defining and creating IT skills and necessary resources (FTE) for IT Security.
• Raising awareness for IT Security in target areas (IT, Production, R&D, Facility).

Ideal Qualifications

• Bachelor's or Master's degree in Business Administration, Information Technology, or a related field, or an equivalent qualification.
• Industry certifications such as PMP, ITIL, ISO 27001, Agile.
• Industry certifications such as CISSP, CISM, SANS, GSEC, etc. (preferred, but not required).
• Minimum 8 years’ experience working in a large-scale IT environment on IT security and risk, including 5 years of managing security organizations/teams.
• Experience in leading a team in the design and assessment of IT security solutions, preferably in a financial services environment.
• A proven track record in dealing with complex security projects and managing conflicting situations and crisis scenarios.
• Ability to adapt to a fast-moving IT security landscape and keep pace with the latest concepts, new security challenges, and cyber threats.
• Profound technical knowledge of security technologies (network, cloud, Identity & Access, etc.).
• Profound knowledge of security norms and standards (ISO 27001, NIST, CIS, GMP).
• Profound knowledge of enterprise IT Security solutions.
• Strong experience in Security monitoring/Security Operations Centre (SOC).
• Thrives on change, showing an ability to constantly develop IT security.
• Ability to build relationships and interact effectively with internal and external parties.
• Excellent communication skills, with the ability to translate complex technical concepts into understandable language.
• Excellent written and verbal communication skills in English; German language skills would be an advantage.
• Experience in a regulated industry such as pharmaceuticals, biotech, or healthcare is preferred.