ABOUT US
At BASF Digital Hub Madrid we develop innovative digital solutions for BASF, create new exciting customer experiences and business growth, and drive efficiencies in processes, helping to strengthen BASF´s position as the digital leader in the chemical industry. We believe the right path is through creativity, trial and error and great people working and learning together. Become part of our team and develop the future with us - in a global team that embraces diversity and equal opportunities.
WHAT YOU CAN EXPECT
We are seeking an experienced Cyber Security Risk Manager to join our CISO organization. As part of the Cyber Security Risk Management team, you will contribute to the development, implementation, and maintenance of our cyber security risk management framework.
You will be a part of our Cyber Governance, Risk and Compliance (GRC) Product Family, which is the pilar of the second Line of Defense (2LoD) and manages the Cyber Security Framework for the whole BASF Group, following a risk-based approach. One major part of that is to develop and implement risk management tools, policies, and procedures in line with ISO 27001 and other relevant standards. Your core responsibilities will be:
- Provide support to Asset Owners and Risk Owners to facilitate the operationalization of Cyber Risk Management -related processes.
- Foster collaboration with our global Risk Community, by actively gathering their feedback, while effectively communicating updates and enhancements to ensure alignment and engagement.
- Provide awareness materials and moderate training sessions on Cyber Security Risk Management to promote continuous learning and compliance towards BASF Business Units.
- Derive new processes or pilots to strengthen GRC in response to the evolving threat landscape.
- Conduct research on new threats by leveraging different sources such as Google Threat Intelligence or Dragos
- Execute strategic risk assessments on-demand to identify and evaluate emerging risks that could negatively affect or harm BASF
- Maintain and improve the toolset that our team provides (RSA Archer, Power BI, Knowledge Base within SharePoint)
- Aggregate operational risks and translate asset-specific risks to generic risk scenarios on enterprise level to support senior management reporting and strategic as well as tactical decision-making.
- Support the lifecycle update of group-wide cyber security governance regulations based on generic BASF risk landscape.
- Work closely with cross-functional teams to support compliance of risk management processes with ISMS according to ISO 27001 and other relevant regulations.
- Collaborate with Asset Owners and Risk Owners to maintain a risk register and associated risk treatment plans up to date
- Monitor and report on the effectiveness of risk management controls and support the reporting of significant risks to senior management
REQUIREMENTS OF THE POSITION
- University degree in computer science, Information Technology, or a related field
- Experience with developing, implementing, and maintaining an ISMS based on ISO 27001 or other relevant standards
- Profound experience in cyber security, particularly in GRC and cyber security risk management
- Strong understanding of risk management principles, frameworks and practices, especially in the field of risk aggregation as well as definition and evaluation of generic risks on enterprise level
- Experience with risk assessments, cyber threats and vulnerabilities
- Knowledge of relevant laws and regulations related to cyber security
- Excellent communication and interpersonal skills, with the ability to work effectively with internal team members and cross-functional teams Internal
- Relevant certifications such as CISSP, CISM, CRISC are a plus
WHAT WE OFFER
- A secure work environment because your health, safety and wellbeing is always our top priority.
- Flexible work schedule and Home-office options, so that you can balance your working life and private life.
- Learning and development opportunities
- 23 holiday days per year
- 5 additional days (readjustment)
- 2 cultural days
- A collaborative, trustful and innovative work environment
- Being part of an international team and work in global projects
- Relocation assistance to Madrid provided
HOW TO REACH US
If you're interested in the position or know someone who might be and need support on how to take next steps, please send an email to felipe.bianco@partners.basf.com