Security Incident Manager

GEA is one of the largest suppliers for the food and beverage processing industry and a wide range of other process industries. Approximately 18,000 employees in more than 50 countries contribute significantly to GEA’s success – come and join them! We offer interesting and challenging tasks, a positive working environment in international teams and opportunities for personal development and growth in a global company.

The Security Incident Management Expert is the first contact of the CISO when it comes to processing, handling and learning from security incidents in the GEA Group. He develops reporting channels and improves existing ones. He is responsible for planning and resource allocation in the handling of security incidents. He coordinates closely with the CISO as well as the emergency and crisis management teams and is involved in the corresponding planning.

Responsibilities / Tasks

• Accountable for the managing all kind of security incidents, their reporting and follow-up
• Accountable for the coordination for optimization and success control for all security incidents
• Responsible for the targeted and effective identification of root causes and elimination of error sources and security gaps
• Coordinates with the responsible IT & Digital departments, physical security and facility management departments, legal, compliance, data protection and HR
• Defines the Security Incident Management policies, procedures, and processes, steers and coordinates their technical implementation (e.g. ServiceNow) and aligns those with other incident management processes
• Involved in improving emergency and crisis processes, their documentation and corresponding planning
• Coordinates and steers the Security Incident analysis and response (Security Operation Center)
• Performs internal information security compliance investigations, including evidence collection, analysis, documentation, and formal reporting to stakeholders.
• Improves SOC capabilities by building and tuning detections, expanding telemetry coverage, maturing threat hunting, refining playbooks, automating triage/remediation, producing actionable reporting, and partnering with cross-functional teams.
• Supports threat intelligence operations by collecting, analyzing, and integrating internal and external threat data to inform detection engineering, incident response, and proactive defense activities.
• Maintains awareness of emerging threats, attacker TTPs, and campaigns relevant to the environment.
• Coordinates with external Digital Forensics & Incident Response (DFIR) partners
• Defines Key Performance Indicators (KPIs) and monitors those
• Point of information for all information on critical faults
• Ensures, analyses and improves reporting channels
• Prepares and improves the existing key figure analyses and supplements suitable ones for his field of activity
• Receives reports of monitoring systems and improves this process
• Communicates with authorities (in alignment with CISO)
• Works with the sales/communications department on the design and implementation of publications on security incidents to customers
• Is the contact for all BISOs, RISOs and LISOs in whose area of responsibility security incidents have occurred or may have occurred
  
  

Your Profile / Qualifications

• Bachelor or Master’s degree in Information Technology/Computer Science/Cybersecurity, Business Administration, or a related technical experience
• 2+ years of experience related to Cyber- or Information Security
• Knowledge of cyber security technologies and methods (threat landscapes, models, standards) as well as in network technologies and network security (routers/switches, firewalls, IDS/IPS, SIM/SIEM, endpoint security)
• Experience in Linux and Windows infrastructures (for forensic analysis and countermeasures), network architectures, and application operations and hardening
• Experience in system and network design
• Experience in O365 and Azure Security
• Knowledge about standard methodologies related to networking and system security
• Experience with Authorization and authentication procedures for network, computer and applications
• Knowing security standards such as ISO
• Knowledge about monitoring and security software such as IDS and IPS
• Experience with firewalls
• Knowledge about encryption technology
• Interpersonal skills in communication and collaboration
• Strong communication skills, in English, local language is a plus
• Strong analytical ability, business acumen, problem solving skills
• Capabilities, in financial & budget ownership
  
  

Did we spark your interest?

Then please click apply above to access our guided application process.