Domain Lead, Technical Information Security Officer

Your Role & Responsibilities

• Strategic threat prevention Development: Design and develop comprehensive threat prevention and management for hybrid cloud and on-premise environments, ensuring alignment with business objectives and risk management strategies.
• DEVSECOPS Integration: Spearhead the infosec requirements within the DEVSECOPS pipeline, promoting automated security testing and continuous delivery practices.
• ERP and Supply Chain Security: Enhance security for ERP systems and supply chain processes to protect against unauthorized access and potential breaches.
• Risk Assessment and Mitigation: Conduct thorough technical risk assessments and define actionable mitigation strategies to address identified security threats and vulnerabilities.
• Incident Response and Recovery: Lead the design and execution of incident response plans and recovery strategies, ensuring rapid response capabilities to minimize impact on operations. Lead Purple team exercises and manage offensive security suite of tools to identify and remediate attack paths to company systems.
• Stakeholder Collaboration: Collaborate with internal IT leaders and business stakeholders to prioritize security initiatives and investments based on risk and business impact.
• Leadership and Team Development: Mentor and lead a team of security architects and specialists, fostering a culture of continuous improvement and professional growth.
• Compliance and Best Practices: Ensure compliance with relevant laws, regulations, and standards such as GDPR, SOX, and ISO standards, EU NIS2.0, China PIPL, NIST, etc. Stay abreast of industry trends, tools, and practices, incorporating them into the security strategy as applicable.
• InfoSec in Merger and Acquisition: Support in the due diligence of the merger and acquisition & acquisition process, ensuring the cyber risk posture of the prospective acquisition are known before integration.

Your Profile

• Education: bachelor’s or master’s degree in information security, Computer Science, or a related field.
• Experience: At least 10 years of experience in information security, with a hands on mentality and a penetration testing background.
• Proven hand’s on experience with offensive and defensive Security tools
• Proven hand’s on experience in guiding a team to simulate and improve attack detection and response capabilities.
• Proven hand’s on experience with reputable EDR Solutions, handling and understanding the EDR alerts and ability to guide and coach other team members.
• Deep understanding of Threat landscapes and system hardening techniques for windows and Linux and cloud native environments.
• In depth hands on expertise on implementation of security controls across hybrid environments.
• Experience in Applications and Vendor Technologies technical assessments.
• You have a comprehensive understanding of modern technology and have a solid understanding on how to  practically apply security in an enterprise environment.  
• You can translate specific security requirements and risks into a business context and act as a technical expert.
• Certifications: OSPC, GPEN, GCIH

Brenntag TA Team