Security Manager Azure
hace 4 días
Sant Joan Despí
ppG+D makes the lives of billions of people around the world more secure. We shape trust in the digital age with built-in security tech in three segments: Digital Security, Financial Platforms and Currency Technology. We have been a reliable partner for our customers for over 170 years with our innovative solutions for SecurityTech! We are an international technology group and traditional family business with over 14,000 employees in 40 countries. Creating Confidence is our path to success. Trust is the basis of our collaboration within G+D. /p pWe are the reliable partner for all challenges resulting from the Internet of Things. We offer a complete connectivity portfolio for mobile network operators, automotive manufacturers, technology companies such as chip and module manufacturers as well as transport and logistics providers. Our portfolio includes highly secure solutions in the area of connectivity IoT, from classic SIM, eSIM and iSIM, to the associated embedded operating systems and life cycle management, through to services for global connectivity and IoT solutions. Do you want to actively shape the digital transformation with us? /p pGiesecke+Devrient is a global company that offers security technologies, both in the physical and digital world. Every day, billions of people benefit from G+D innovations in their personal and business lives. We develop, manufacture, and distribute products and solutions for the safeguarding of payment processes, identities, connectivity, and data. At bG+D Mobile Security /b, a world leader in secure telecommunications systems, we are looking for a highly skilled and proactive bSecurity Manager Azure /b to join our agile team. /p h3Key Responsibilities /h3 ul liOwn and continuously improve our ISMS, policies, and security governance lifecycle. /li liAct as a trusted advisor to engineering, product, compliance, and customer‑facing teams. /li liLead security risk assessments, maintain the risk register, and drive quarterly risk cycles. /li liEnsure operational compliance with ISO 27001:2022, GSMA SAS, NIS-2 and customer security requirements and support hands‑on with configuration tasks. /li liCoordinate external and internal audits and assessments, ensuring evidence readiness and smooth execution. /li liLead vendor risk programs that strengthen our supply chain resilience. /li liReview product and architectural changes for governance alignment and secure design. /li liCollaborate with the Security Architect to connect governance with DevSecOps and cloud practices. /li liOwn Azure security posture, govern Microsoft Defender for Cloud findings, Entra ID Conditional Access policies, Privileged Identity Management (JIT access), and quarterly access reviews. /li liSupport on cross‑platform governance tasks, policy alignment, and shared risk register entries covering AWS and Azure workloads. /li liEnforce Zero Trust controls across cloud environments: continuous verification, least‑privilege access, and RBAC/ABAC enforcement. /li liGovern IaC and CI/CD pipeline security gates: review IaC templates for secrets management compliance, approve pipeline security controls, and validate rollback procedures. /li liProduce structured assurance reporting for management: metrics tied to the risk register, control effectiveness, and remediation tracking for findings from Defender for Cloud and AWS Security Hub. /li /ul h3What You Bring /h3 ul liAt least 5 years in information security, risk, audit, or compliance, with a minimum of 3 years in a similar role (security management, cloud security governance, or ISMS ownership), ideally in regulated environments (telecommunications, banking, payments, SaaS). /li liStrong understanding of ISO 27001, risk methodologies, and modern security frameworks. /li liSolid knowledge of security controls (IAM, third‑party risk, secure SDLC, cloud). /li liAbility to challenge and support engineering teams constructively. /li liSolid knowledge of Azure and AWS security controls. /li liPractical understanding of Zero Trust architecture principles and shared responsibility models across IaaS, PaaS, and SaaS. /li liFamiliarity with IaC security practices: secrets management, pipeline approval workflows, and dependency vulnerability handling. /li liExperience producing security assurance metrics and governance reports for senior stakeholders. /li liExcellent analytical, documentation, and problem‑solving skills. /li liFluent English; German or Spanish is a plus. /li /ul h3Nice to Have /h3 ul liISO 27001 Lead Implementer/Auditor, CISM, CISSP, CRISC, CCSP. /li liAZ-500 (Microsoft Certified: Azure Security Engineer Associate). /li liAWS Certified Security – Specialty. /li liCCSK (Certificate of Cloud Security Knowledge). /li liFamiliarity with the Microsoft Cloud Security Benchmark (MCSB) or CIS Benchmarks for Azure/AWS. /li /ul h3What’s great about working with us /h3 ul liCulture and diversity: Join a people oriented environment with different nationalities and a great team spirit, flat hierarchies (everyone speaks to everyone). Equal Opportunity Employer and LGBT+ friendly. /li liGlobal Collaboration: Work collaboratively with stakeholders around the globe. /li liCareer Development: Benefit from continuous training, coaching, and talent development programs. /li liSocial Benefits: flexible compensation (transport tickets, training, private insurance), etc. /li liOwn canteen: take a break with our breakfast and lunch service: chose between a wild range of menus, salad desk, and sandwiches service. Nicely prices! /li liWork-Life Balance: Flexible working hours with the option for remote work (M-Th 8.30 – 17.30 and Fri 8.30 – 15.30; 3 days of remote work). /li liLocation: Sant Joan Despí. Easy communication by public transport. /li /ul h3Privacy Notice /h3 pThe personal data you provide will be processed to manage your application in accordance with the GDPR and our Privacy Policy, available at Data Privacy | G+D. /p /p #J-18808-Ljbffr