Exyte is a global leader in the design, engineering, and delivery of facilities for high-tech industries. With a history of more than 100 years, the company has developed a unique expertise in controlled and regulated environments.
Exyte has a truly global footprint, serving the most technically demanding clients in markets such as semiconductors, batteries, pharmaceuticals, biotechnology, and data centers.
The company offers a full range of services from consulting to the managing of turnkey solutions delivered to the highest quality and safety standards.
Solving the most complex challenges, Exyte forges trusted, long-lasting relationships with its clients. In 2019, Exyte generated sales of EUR 3.9 billion with around 5,200 highly experienced and motivated employees.
The company is ideally positioned to further strengthen its market leadership with its broad industry insight and its exceptional talents. www.exyte.net
A task that challenges
Work with the Head of IT Security to develop a security program and security projects that address identified risks and business security requirements
Manage the process of gathering, analyzing and assessing the current and future threat landscape, as well as providing the Head of IT Security with a realistic overview of risks and threats in the enterprise environment
Work with the Head of IT Security to develop budget projections based on short- and long-term goals and objectives
Monitor and report on compliance with security policies, as well as the enforcement of policies within the IT department
Propose changes to existing policies and procedures to ensure operating efficiency and regulatory compliance
Work with various stakeholders to identify information asset owners to classify data and systems as part of a control framework implementation
Serve as an active and consistent participant in the information security governance process
Work with the Head of IT Security and IT and business stakeholders to define metrics and reporting strategies that effectively communicate successes and progress of the security program
Provide support and guidance for legal and regulatory compliance efforts, including audit support
Consult with IT to ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications and software
Manage and coordinate operational components of incident management, including detection, response and reporting
Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans and communicate information about residual risk
Manage security projects and provide expert guidance on security matters for other IT projects
Coordinate, measure and report on the technical aspects of security management
Assist and guide the disaster recovery planning team in the selection of recovery strategies and the development, testing and maintenance of the disaster recovery plan
A background that convinces
A Bachelor's or Associate's degree in IT, Computer Science, or related field
Any cybersecurity-related certifications are a plus (e.g. ISO27001, Security+, CISSP, CISM, CISA, CGEIT, CRISC, CEH, GIAC / SANS)
5+ years of experience in managing security operations in an enterprise environment
Strong leadership skills and the ability to work effectively with business managers, IT engineering and IT operations staff
A strong understanding of the business impact of security tools, technologies and policies
Excellent verbal, written and interpersonal communication skills, including the ability to communicate effectively with the IT organization, project and application development teams, management and business personnel
In-depth knowledge and understanding of information risk concepts and principles as a means of relating business needs to security controls
Excellent understanding of information security concepts, protocols, industry best practices and strategies
Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies
Experience with common information security management frameworks, such as International Standards Organization (ISO) 2700x, the IT Infrastructure Library (ITIL), NIST and Control Objectives for Information and Related Technology (COBIT) frameworks
Familiarity with applicable legal and regulatory requirements, including, but not limited to, the U.S. Sarbanes-Oxley Act, the U.S. Health Insurance Portability and Accountability Act (HIPAA), the European Union Privacy Directive, and General Data Protection Regulation (GDPR)
Strong analytical skills to analyze security requirements and relate them to appropriate security controls
Strong project management skills and experience in creating and managing project plans, including budgeting and resource allocation