: Information Security Program Manager ISPM Manager
At Siemens we are always challenging ourselves to build a better future. We need the most innovative and diverse Digital Minds to develop tomorrow’s reality. Find out more about the Digital world of Siemens here: www.siemens.com/careers/digitalminds
Role and Responsibilities
The primary responsibilities of this position are focused on ensuring that all departments meet International, Federal, State and Local compliance requirements with which management has determined SISW should comply. This includes providing direction and procedures to work groups to ensure that all departments can be certified in various Information Security and Data Privacy compliance certifications. Perform internal audits to ensure compliance. Work with external auditor to provide requested information and ensure audit success.
- Directs programs, policies, and practices to ensure that all business segments and functions are in compliance with financial, legal, human resources, security and operational policy and reporting regulations.
- Supports community collaboration and best practice sharing
- Develops organizational compliance strategies by contributing information, analysis, and recommendations to strategic thinking and direction of corporate objectives.
- Support deployment of application security across Software Development Lifecycle
- Support the Siemens DI SW Sec Ops strategy for SaaS and cloud products.
- Validate security roadmaps for each product group align with technical and business risk
- Support alignment of DevOps, RunOps and SecOps
- Demonstrates expertise in a variety of the SaaS and Cybersecurity concepts, practices, and procedures. .
- Creates functional strategies and specific objectives for the sub-function and develops budgets/policies/procedures to support the functional infrastructure.
- Organizes and facilitates responses to customer requests for compliance information and/or compliance audits.
- Deep knowledge of the managed sub-function and solid knowledge of the overall departmental function. Typically requires 5+ years of managerial experience
- Implementation, operation and maintenance of the Information Security Management System based on the ISO 27001 standards, including certification.
- Performs information security risk assessments and assess the control environment of the business processes and applications under review, including both manual and automated processes in accordance with the information security program
- Develop remediation and corrective action plans with related governance and operational functions (such as Physical Security/Facilities, Risk Management, IT, HR, Legal and Compliance) plus senior and middle managers throughout the organization as necessary
- Validate that common cloud CI CD process pipeline is being used and deployed to new acquisitions.
- Support security incident management, security compliance monitoring and security event monitoring
- Develop supporting information security awareness, training, and educational material
Required Knowledge/Skills, Education, and Experience
- Bachelor’s Degree preferably in Information Assurance, Risk Management, or Networking
- At least five years of working with ISO 27001:2013’ 27004:2016, 27005:2018, 27006:2015, 27017:2015, 27018:2019, 19011:2018, SSAE16/18, SOC2 type 1 and 2.and expertise in applying the standards to office environments
- 3 to 5 Years of executing IS Management Systems in multi-site international environments
- At least five years in the field including at least one ISMS development and deployment
- Experience developing business centric policies and procedures based on the standards for a non-manufacturing environment
- Understanding of risk management, threat assessment and risk treatment actions is critical.
- Experience with cloud development and cloud deployment technologies
- Experience leading Risk assessments and Internal Audits
- Experience helping develop and deploy technical solutions to address risks
- Security certifications in areas like CISA, CISM, CISSP, and AWS certified security a plus.
- Able to effectively communicate with senior management levels as well as being able to work in detail with product and security professionals
- Ability to get work done through a network of volunteers
- Ability to influence decision makers through well founded presentations and discourse
- Excellent interpersonal, communication and analytical skills
- Well-developed writing skills, especially when creating clear and concise procedures
- Ability to manage multiple projects/tasks and work independently with minimal supervision
- Proficient in MS Office (Word, Excel, PowerPoint, and Access)
- Demonstrated ability to recognize, evaluate, and recommend controls for workplace hazards
- Effective critical thinking and problem-solving skills
- Position requires up to 20% travel
Qualified Applicants must be legally authorized for employment in the United States. Qualified Applicants will not require employer sponsored work authorization now or in the future for employment in the United States.
Siemens Industry Software Inc.
Equal Employment Opportunity Statement
Siemens is an Equal Opportunity and Affirmative Action Employer encouraging diversity in the workplace. All qualified applicants will receive consideration for employment without regard to their race, color, creed, religion, national origin, citizenship status, ancestry, sex, age, physical or mental disability unrelated to ability, marital status, family responsibilities, pregnancy, genetic information, sexual orientation, gender expression, gender identity, transgender, sex stereotyping, order of protection status, protected veteran or military status, or an unfavorable discharge from military service, and other categories protected by federal, state or local law.EEO is the Law
Applicants and employees are protected under Federal law from discrimination. To learn more, Click here.Pay Transparency Non-Discrimination Provision
Siemens follows Executive Order 11246, including the Pay Transparency Nondiscrimination Provision. To learn more, Click here.California Privacy Notice
California residents have the right to receive additional notices about their personal information. To learn more, click here.