Cyber Security Risk Manager (m/f/d)

ABOUT US

At BASF Digital Hub Madrid we develop innovative digital solutions for BASF, create new exciting customer experiences and business growth, and drive efficiencies in processes, helping to strengthen BASF´s position as the digital leader in the chemical industry. We believe the right path is through creativity, trial and error and great people working and learning together. Become part of our team and develop the future with us - in a global team that embraces diversity and equal opportunities.

WHAT YOU CAN EXPECT

You will be a part of our Cyber Governance, Risk and Compliance Team which manages the Cyber Security Framework for the whole BASF Group. Additionally, you will work closely with our global data privacy organization.

• Identifying, assessing, and prioritizing risks to BASF’s information assets, with a particular focus on those information assets used for processing personal data.
• Establishing a process to ensure that appropriate cyber security controls are in place to mitigate those risks.
• Defining group-wide cyber security governance standards for the systems, assets, or platforms used for processing personal data based on a risk-based approach.
• Collaborating closely with the global data privacy organization of BASF.
• Facilitate operational risk assessments, threat modeling, and vulnerability assessments to support identification of of data protection-related risk areas within the organization's systems and infrastructure.
• Collaborate with stakeholders to maintain a risk register and associated risk treatment plans
• Providing guidance and support to the organization on risk management best practices, with a particular focus on the processing of personal data, including the implementation of new processes and controls.

REQUIREMENTS OF THE POSITION

• Bachelor’s degree in computer science, Information Technology, or a related field
• 5-7 years of work experience
• Experience with developing, implementing, and maintaining an ISMS based on ISO 27001 or other relevant standards
• Profound experience in cyber security, particularly in cyber security risk management
• Strong understanding of risk management principles and practices, especially in the field of risk aggregation as well as definition and evaluation of generic risks on enterprise level
• Experience with risk assessments, threat modeling, and vulnerability assessments
• Knowledge of relevant laws and regulations related to cyber security
• Above-average knowledge of data protection law as well as a passion for data protection. Professional expertise in this environment would be an advantage.
• Passion to cooperate in an international (regulatory) environment
• Excellent communication and interpersonal skills, with the ability to work effectively with interdisciplinary teams
• Relevant certifications such as CISSP, CISM, CRISC are a plus
• Confident communication in English, both spoken and written.
• Confident communication in English, both spoken and written.

WHAT WE OFFER

• A secure work environment because your health, safety and wellbeing is always our top priority.
• Flexible work schedule and Home-office options, so that you can balance your working life and private life.
• Learning and development opportunities
• 23 holiday days per year
• 5 additional days (readjustment)
• 2 cultural days
• A collaborative, trustful and innovative work environment
• Being part of an international team and work in global projects
• Relocation assistance to Madrid provided

HOW TO REACH US

If you're interested in the position or know someone who might be and need support on how to take next steps, please send an email to felipe.bianco@partners.basf.com