Information Security Officer

About Siemens Digital Industries Software:

The Mendix organization at Siemens Digital Industries Software is seeking a proactive and expert Information Security Officer to join our dynamic team. In this critical role, you will be instrumental in safeguarding our information assets, ensuring compliance with evolving regulatory landscapes, and encouraging a robust security culture across the organization. This position offers a significant opportunity to contribute to the integrity and resilience of our digital infrastructure.

 

What you'll be doing:

As an Information Security Officer, you will be responsible for a range of strategic and operational security initiatives, including:

• Control design & Operating Effectiveness: Design and evaluate the effectiveness of security controls, assessing their ability to mitigate risks and recommending improvements to ensure they operate as intended and achieve desired security outcomes.
• Compliance Monitoring & Reporting: Proactively monitor compliance against various security frameworks and regulatory requirements (e.g., NIST, ISO 27001, SOC I & II, C5, ISO 42001). Provide actionable recommendations based on standards and report on progress to relevant stakeholders.
• Audit Support: Support internal and external audits by gathering, assessing, and providing necessary evidence to demonstrate compliance.
• Evidence lifecycle management: Manage the entire lifecycle of security evidence, from collection and secure storage to version control and eventual archival, ensuring its integrity and availability for audits and compliance checks.
• Policy & Standard Development: Research, establish, and maintain robust information security policies, standards, and procedures tailored to specific organizational needs and emerging threats.
• Security Culture & Communication: Communicate effectively about information security risks, standards, and policy updates, fostering a strong security-conscious culture across the organization.
• Control Implementation & Maintenance: Collaborate with applicable departments to ensure security controls are effectively implemented, maintained, and continuously optimized.

 

What you'll bring:

We are seeking a dedicated professional with a solid foundation in information security and a proactive approach to risk management.

Skills & Qualifications:

• Experience: 3-5 years of progressive experience in an Information Security, IT Audit, or Compliance role, demonstrating a solid understanding of information security principles and practices.
• Cloud Security Expertise: Solid understanding of security operations, controls, and best practices within cloud environments (e.g., AWS, Azure, GCP). Experience with cloud security frameworks and tools is highly desirable.
• Framework & Regulation Knowledge: In-depth knowledge and practical experience with a range of information security standards, frameworks, and regulations (e.g., ISO/IEC 27001 family, GDPR, SOC 2 Trust principles).
• Enterprise IT Familiarity: Familiarity with enterprise data environments, system integrations, and software development lifecycles (SDLC).
• Certifications: An independent and active information security certification (e.g., CISM, CISSP, ISO 27001 Lead Implementer, CompTIA Security+) is required.
• Analytical & Problem-Solving: Exceptional analytical and problem-solving abilities to perform detailed gap analyses, identify root causes, and develop practical, effective security solutions.
• Communication: Excellent written and verbal communication skills in English, with the ability to articulate complex security concepts clearly to both technical and non-technical audiences.
• Initiative & Collaboration: High level of initiative, self-direction, and the ability to work independently while also being a strong team player and collaborating effectively across departments.