Security Engineer - IS specialist
Hybrid / Prague 8
Location: Prague 8, HO 50 %
Languages: Fluent English and Czech
Level: Senior
Form of cooperation: Contractor
Start date: ASAP
Allocation: Full-Time
Allocation length: Long term
- For our Section "Energy", we are looking for an external Information Security Specialist to support us in implementing new security requirements (e.g. DORA) in our globally leading trading systems for energy and commodities markets. The tradable instruments cover a wide variety, such as Power Spot instruments, commodity futures and OTC cleared derivatives, most of which are tradable 24/7, 365 days a year.
Field of activity:
- DevSecOps is essential for keeping our systems and solutions safe in a continuously changing world. As an IS Specialist, you will join a cross-location team that is responsible for 24/7 mission-critical infrastructure and platform delivery in the Commodities IT area. With the responsibility of implementing DORA requirements and enhancing IT security across our product-based organization, you will contribute to the design and support the implementation of our security backbone.
- This position requires a strong security background in regulated environments. You will be expected to identify security gaps proactively, determine their potential risk, drive the right mitigation solution across multiple teams to make our infrastructure and applications compliant with the new security requirements, and educate other members of the technical teams.
Tasks/responsibilities:
- Contribute to designing security strategies and corresponding controls.
- Provide subject matter expertise for compliance requirements based on corresponding information security standards.
- Implement necessary security controls and standards.
- Enhance the quality of secure infrastructure and remove toil through an everything-as-code approach.
- Support the Risk Management and Vulnerability Management processes.
- Collaborate with internal Dev and Ops units to establish IT security best practices.
- Create technical and procedural documentation to be shared with necessary stakeholders.
- Foster knowledge sharing and skill transfer.
Minimum Qualifications/required skills:
- Bachelor's degree or equivalent in Computer Science, Information Systems Management, Information Technology, or other related discipline
- 5+ years’ professional experience in the Information Security field
- Strong knowledge of security protocols and standards
- Knowledge of PAM and IAM frameworks
- Strong knowledge of Segregation of Duties and Internal Control Systems
- Familiar with the security hardening of DevSecOps processes
- Familiar with Risk Management and Vulnerability Management
- Strong documentation skills
- Ability to bridge between IT and Corporate staff such as Legal, Compliance and Audit sections
- Hands-on experience in designing and implementing automated security testing
- Strong written and oral communication and analytical problem-solving skills
- Good understanding of regulatory conditions and requirements in finance IT (BAIT, KRITIS, DORA, etc.)
- CISSP certification is a plus. (E.g. ISO 2700x, German BSI IT-Grundschutz, COBIT, MaRisk)