Data Protection and Information Security Officer Assistant

The DPO & IS Officer Assistant supports the Data Protection and Information Security Officer in implementing and maintaining the organization’s data protection and security policies. The assistant will help to ensure that our company’s data and information assets are protected from unauthorized access and comply with privacy laws. His scope covers all security assurance activities related to the availability, integrity and confidentiality of customers, business partners, employees, suppliers, contractors and business information in compliance with the organization's information security policies.

A key element of the DPO & ISO Assistant role is working with company business teams, HR, Finance and corporate legal to determine acceptable levels of risk for the organization. This position is responsible for enabling and supporting the establishment and maintenance of the corporate-wide information security management program and working with operation security team to ensure that all information related assets are adequately protected.

Key Responsibilities

• Assist in the development and enforcement of security policies and procedures.
• Coordinate with IT departments to implement security measures and conduct regular system audits.
• Support the DPO in monitoring compliance with GDPR and other data protection laws.
• Help in conducting risk assessments and data impact analysis.
• Facilitate security training sessions for staff to raise awareness about data protection.
• Assist in managing security incidents and breaches, including documentation and reporting.
• Keep abreast of the latest security trends, threats, and regulatory changes.

Data Protection and Information Security Governance and Risk Management

• Under the direction of the DPO & ISO, help develop, maintain and monitor a strategic, comprehensive enterprise information security and IT risk management program.
• Work directly with the business units to facilitate risk assessment and risk management processes to establish and manage a company risk register.
• Assist with the overall business technology planning, providing a current risk viewpoint and knowledge and future vision of technology and systems in the product innovation and development processes.
• Partner with business stakeholders across the company to communicate and deploy company policies updates and raise awareness of risks and security related concerns to deliver cyber awareness program.

Data Protection and Information Security Compliance and Control

• Manage and lead implementation of company security compliance programs such as GDPR, CCPA or PIPL, TISAX certification, ISO 27001, NIST/NIST CSF or SOC 2 type 2 compliance frameworks.
• Audit, control and validate acceptable risks and compliance of company processes, cloud, application and infrastructure changes, company suppliers and contractors services and be force of proposal to meet security and performance standards.
• Understand and interact with related disciplines through committees to ensure adequate governance and the consistent application of policies and standards across all company processes, projects, systems and services.
• Work on Sales enablement by assisting Customer Service Delivery and Sales / Business development teams to promote our company and data security maturity of our products and services in front of our customers and prospects. This includes maintaining a security portal with marketing grade Security Assurance Plan and prefilled Cloud Star Alliance CAIQ / NIST CSF security questionnaires.

Requirements

Certifications

• Bachelor’s degree in Information Technology, Cybersecurity, or a related field.
• Professional security management certifications such as CISSP, CISM, or equivalent are highly desirable.

Professional Background

• Minimum of 5 years of proven and successful experience in a combination of risk management, information security and IT jobs with international exposure
• Understanding of information security principles and data protection regulations.
• Familiarity with cybersecurity frameworks (e.g., ISO 27001, NIST).
• Strong analytical and problem-solving skills.
• Excellent communication and interpersonal abilities.
• Ability to handle confidential information with discretion.
• Proficient in using security software and tools.
• Experience in automotive or industrial business is a plus.

 Skills & Abilities

MUST-HAVES

• Professional English at business negotiation proficiency, both written and oral.
• Experience with data protection impact assessments (DPIA).
• Knowledge of IT audit strategies and frameworks.
• Advanced skills in Cybersecurity, Microsoft 365, Azure Cloud and Windows technologies
• “Team Player” attitude with excellent organizational skills and proven ability to leverage internal resources.
• Knowledge of various IT and business functions, software development processes.
• Experience and skills in Solution Architecture and PMO / project portfolio management.
• Need to be able to develop status reports for external and executive stakeholders.
• Capacity to work with an agile methodology.
• Technical writing / documentation skills with passion.

NICE-TO-HAVES

·        Professional French and/or German or Chinese.