Level: Experienced

Job Field: IT, Project, Security

Employment Type: Full Time

Contract Type: Permanent employment

Salary: from 5.071 € Gross/Month

Location: Linz

Working Model: Onsite

Job Summary

In this role, you will plan the ISI risk management system, conduct risk analyses, and develop security measures to minimize risks in business processes and assets.

Job Technologies

SCADA

Your role in the team

The Information Risk Manager (IRM) supports the CISO within the framework of Information Security Risk Management (ISRM) at Netz OÖ and is a central point of contact and sparring partner at Netz OÖ on the topic of ISRM.
Planning, implementation, and maintenance of an ISI risk management system with the aim of obtaining comparable and reproducible results (in coordination with the CISO).
Management of the ISI risk management system, including relevant processes and the goal of risk identification, risk minimization, and measures control.
Conducting and documenting risk analyses in coordination with the CISO and the ISBs/ISAs, as well as in accordance with the guidelines/regulations on ISI risk management in Netz OÖ.
Participation in specialized professional circles, interest project groups, especially with a focus on risk management.
Identification of risks.
Identification of business processes.
Identification of assets (inventory and classification of assets) and linking them to business processes.
Identification of the impacts caused by threats and the consequences resulting from the loss of confidentiality, integrity, and availability (Business Impact Analysis).
Identification of asset vulnerabilities.
Analysis and evaluation of risks.
Assessment of the impact and consequences resulting from the loss of confidentiality, integrity, and availability on the assets.
Determination of the risk levels.
Recommendation on whether a risk is acceptable or if countermeasures are necessary.
Selection of security measures and controls for risk treatment.
Ensure that all established risk control measures are communicated in a timely manner and that the risk level is maintained at an acceptable level (risk treatment control).
Close coordination with the process - Enterprise Risk Management of Netz OÖ.
Creation of necessary documentation, reports, and evidence in the field of ISI risk management.
Participation in the ISMS team of Netz OÖ.

This text has been machine translated. Show original

Our expectations of you

Education

HTBLA or University of Applied Sciences with a specialization in "IT Security," or equivalent education and experience as an Information Security Manager (IS Manager).
Training and experience as an IS auditor are advantageous.
IS Manager or equivalent qualification.

Qualifications

Solid knowledge in the field of risk management (risk analysis, risk treatment). Experience with the CIRSAM® software - Fa. CALPANA is advantageous.
Knowledge in the areas of network control systems (SCADA), remote control technology, network technology, plant control technology, protection technology, monitoring systems, and automation technology is advantageous.
Analytical skills and conceptual abilities with strong problem-solving competence.
Team and communication skills.
Self-reliance and resilience.
Overview skills and implementation strength.
Further training courses (if proof is not yet available) (Note: Planning and implementation according to the training schedule).
Further training courses on risk management.
Participation in sector-specific events, project groups, and professional conferences with a focus on risk management.
Impeccable references.

Experience

Knowledge of internationally recognized information security standards (ISO 27001, ISO 27019, etc.) and experience in information security management are advantageous.
Experience in project and process management.

This text has been machine translated. Show original