Head of Security and Privacy Engineering (m/f/d)
Düsseldorf, NRW, Germany
METRO/MAKRO
METRO is a partner of many small and mid-sized independent companies. Their success is our business. The group is headed by METRO AG, which acts as the central management holding company.Company Description
METRO is a leading international food wholesaler which specialises in serving the needs of hotels, restaurants, and caterers (HoReCa) as well as independent merchants (Traders). Around the world, METRO has approx. 15 million customers who benefit from the wholesale company’s unique multichannel mix: customers can purchase their goods in one of the large stores in their area as well as by delivery (Food Service Distribution, FSD) – all digitally supported and connected. In parallel, METRO MARKETS is being developed as an international online marketplace for the needs of professional customers which has been growing and expanding continuously since 2019. Acting sustainably is one of the company principles of METRO which has been listed in various sustainability indices and rankings, including MSCI, Sustainalytics and CDP. METRO operates in more than 30 countries and employs over 85,000 people worldwide. In financial year 2023/24, METRO generated sales of €31 billion.
At METRO, we have set ourselves ambitious goals with our “sCore” growth strategy which is closely accompanied by our Fundamentals. These shared values provide us with rules of conduct that are binding for everyone at METRO, in all countries and companies. Our commitment to wholesale is at the forefront of our mission, and we are constantly striving to improve. With our ONE METRO spirit, everyone stands together, bringing curiosity, determination, courage, drive, commitment, and trust. Find out more about METRO at careers.metroag.de.
Job Description
Join us in developing and strengthening an entire department and transforming Cyber Security capabilities on a global scale. If you're committed to making a real impact in the field of Cyber Security, you can #ShapeTheM with us.
Besides an interesting professional environment, we offer you a culture that wants you to thrive and allows to learn from each other:
- We try together, we stumble together, we get up together and shape our future. Be part of our transformation, build cross-functional capabilities and discover new ways of excelling in the Cyber Security field.
- We create impact in the world of food and offer comfort for our customers worldwide. To achieve this, we build capabilities to be the cyber-resilient omni-channel wholesaler.
- We invite you to take on responsibility, make our company your company and create a business together that remains true to its roots but always seeks new solutions.
- Together, we CARRY the M, we GROW the M, we INSPIRE the M, we SHAPE the M.
The purpose of that role:
The role involves developing and implementing Security and Privacy by Design and by Default capabilities, securing the entire CI/CD pipeline, and leading the security engineering community within product teams to enhance security practices. Additionally, it includes translating the Information Security Strategy into distinctive capabilities provided across METRO and METRO AG to integrate security and privacy effectively. This role will lead a team with up to 4 employees.
Your tasks:
- Develop and lead the Security & Privacy Engineering Team, hiring Security Engineers, defining roles and responsibilities
- Develop and support by providing advices the implementation of guidelines and business capabilities to enable Security and Privacy by design and by default processes.
- Oversee and steer, Threat Modelling, Application Security, Technical & Operational Measures (TOM), Cloud Security, Orchestration and Automation of incident response activities and internal controls activities related to Information Security across METRO.
- Review and monitor performance metrics and manage continuous improvement
- Collaborate with DPO in all Privacy Engineering topics, i.e. Coordinates the TOM together with the DPO
- Support CISO in defining annual objectives and monitor progressses and relevant KPI to be reported to METRO AG Boards
Qualifications
- Educational Background: A Master's degree (MSc) in Computer Science or an M.Eng/M.Sc in Software and Systems Security is required.
- Experience: A minimum of 10-15 years of relevant experience in the field of cyber security.
- Leadership Experience: Demonstrated leadership experience in developing and leading the Security & Privacy Engineering Team, including hiring Security Engineers, defining roles and responsibilities, and fostering a high-performance culture.
- Security by Design and by Default: Proven expertise in developing and supporting the implementation of guidelines and business capabilities that enable Security and Privacy by design and by default processes.
- Security Oversight: Substantial experience in overseeing and steering key areas such as Threat Modeling, Application Security, Technical & Operational Measures (TOM), Cloud Security, Orchestration, and Automation of incident response activities, as well as internal controls activities related to Information Security across METRO.
- Performance Management: Proficiency in reviewing and monitoring performance metrics and driving continuous improvement in security and privacy practices.
- Collaboration Skills: Strong collaborative skills, with the ability to work closely with the Data Protection Officer (DPO) on Privacy Engineering topics and coordinate the TOM in conjunction with the DPO.
Nice to Haves:
- GitHub Enterprise Security: Familiarity with GitHub Enterprise security practices and tools.
- Security Tools Proficiency: Experience with security tools like Synopsys, Polaris, and Code Dx, showcasing a strong foundation in code analysis and security assessment.
- Qualys: Familiarity with the Qualys security platform, demonstrating proficiency in vulnerability management and assessment.
Additional Information
- Work-life balance: Flexible working hours with the option of mobile working in agreement with your line manager, 30 days of holidays.
- Training: A comprehensive training offer via our own training center or externally.
- Well-being: Health days with lots of health checks and information about your well-being, company medical care including a range of preventive services, such as flu shots, OTHEB employee assistance program.
- Exciting life on campus: Free gym and sports classes, Rioba coffee bar, canteen with discounted meals for employees, many campus events.
- Discounts: discounted Jobticket as well as discounts in our wholesale stores and at many partner companies.
- Comfort: Good transport connections, free parking spaces, JobBike.
- Company pension plan: You will receive a contribution to your company pension.
- Family driven: Three daycare centers for children on campus, support of holiday camps for children of employees.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Application security Automation CI/CD CISO Cloud Code analysis Computer Science GitHub Incident response Monitoring Privacy Qualys Security assessment Security strategy Strategy Vulnerability management
Perks/benefits: Career development Flex hours Startup environment Team events
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.