The Security Engineer/project manager is responsible for the end-to-end realization of security initiatives and projects within the Digital organization. This role combines project management, in-depth technical expertise, and an advisory function to strengthen and safeguard the organization's digital resilience within various Digital domains (Infrastructure, software development, and OT).

1 Main responsibilities

1.1 Security project management and realization

• Responsible for setting up, coordinating, and executing security projects from A to Z:
• Drafting project plans and approaches
• Coordination of stakeholders and resources
• Monitoring timing, scope, and budget
• Implementation and delivery of technical solutions
• Combination of project-based management and hands-on technical implementation
• Ensuring quality and security-by-design principles in projects

1.2 Development and implementation of security processes

• Analyzing, defining, and implementing security processes, procedures, and controls
• Translating policies into practically applicable guidelines and workflows
• Continuously improving existing security processes based on incident analysis, risk assessments, lessons learned, etc.

1.3 Technical security expertise

• Utilizing in-depth knowledge within modern security platforms, including Microsoft Defender suite, Entra ID / Active Directory, Identity & Access Management (IAM)
• Evaluating, configuring, and optimizing security tools and solutions
• Supporting troubleshooting and incident analysis in complex security issues

1.4 Advisory role within Digital

• Acting as a trusted advisor for internal stakeholders within Digital services (Infrastructure, Software Development, OT environments, …)
• Advising on technical security implementations, architectural choices, risk assessments and mitigation measures, etc.
• Active contribution to security governance and the security organization

1.5 Security frameworks and compliance

• Applying and advising on common security frameworks and standards:
• CyberFundamentals, NIST, CIS Controls, ISO27001
• Supporting compliance processes and audits
• Knowledge of NIS2 is a significant asset

1.6 Incident analysis and continuous improvement

• Leveraging broad experience as a System Engineer to:
• Correctly analyze and assess incidents and events
• Identify and implement structural improvements
• Draft concrete improvement proposals and follow up after approval
• Contributing to proactive security posture management

1.7 Security evangelization (technical)

• Taking on a role within the technical landscape to promote security and strengthen the security policy and best practices within Digital
• Supporting other teams and projects as a security advisor

1 Profile and competencies

1.1 Knowledge & experience

• Demonstrable experience in security project management and technical execution
• Strong technical background within enterprise IT environments
• Thorough knowledge of security concepts, architectures, and solutions
• Experience with security frameworks and compliance standards
• Broad experience as a System Engineer is essential

1.2 Competencies

• Results-oriented and proactive attitude
• Strong analytical and problem-solving skills
• Good communication and advisory skills
• Stakeholder management and persuasiveness
• Hands-on mentality combined with strategic insight
• Continuously focused on improvement and realization