Cyber Security Manager (m-f-d)

The Mission

FSC works to take care of our forests and those who rely on them: by protecting plant and animal species, Indigenous Peoples’ rights, forest workers’ safety, and much more. We achieve this through FSC certification, ensuring forests around the world are responsibly managed. For more information on FSC, visit our website at www.fsc.org.

To effectively meet the challenge of protecting the world’s forests, we are committed to ensuring we have the world’s most skilled people working with us. This commitment extends to everyone that works in FSC around the world: from those that lead the design of policies and standards, to those that roll out those same policies and standards on the ground, and to those that provide us with backbone to do our work.

We are looking for an engaged Cyber Security Manager who brings solid expertise and a passion for FSC’s mission, to work with us in a multinational environment.

The Scope

To co-lead the FSC Cybersecurity roadmap. Execution and management of our cybersecurity strategy. Your responsibilities will encompass safeguarding our systems and data against an evolving landscape of cyber threats, as well as ensuring steadfast compliance with relevant regulations. Fortifying our digital defenses and maintaining the security and integrity of our operations. In addition, The position will be at the forefront of driving a Zero Trust security approach, championing the principle of "never trust, always verify" to fortify our digital defenses and maintain the highest level of security for our organization.

Main Roles and Responsibilities

• Contribute to establishing and implementing the Cybersecurity roadmap, actively shaping strategic initiatives from inception to execution.
• Implement and oversee real-time monitoring of the organization's digital footprint, including external attack surface and online presence, to identify unauthorized exposure of sensitive information or assets.
• Establish, implement, and continually update security policies, procedures, and guidelines to protect sensitive data and regulatory compliance.
• Develop, maintain, and test incident response plans, leading incident investigations, coordinating response efforts, and overseeing recovery initiatives.
• Assess and monitor the security posture of third-party vendors, ensuring their compliance with cybersecurity requirements.
• Select, implement, and manage security technologies and tools (e.g., firewalls, SIEM, IDS/IPS) to protect against threats and vulnerabilities.
• Maintain thorough documentation of security policies, incident reports, risk assessments, and security measures.
• Plan and execute security audits, compliance assessments, and penetration testing, driving remediation efforts and ensuring adherence to standards.
• Collaborate on business continuity and disaster recovery plans, ensuring critical systems can be restored swiftly.
• Stay up to date with emerging cybersecurity threats, technologies, and best practices through continuous learning and professional development.
• Undertake any additional tasks as agreed upon with the supervisor, ensuring a flexible and adaptive approach to fulfilling the organization's cybersecurity needs.
• Any other task as assigned by formal supervisor and project work as assigned according to special organizational needs.

Qualification, Experience and Skills

• Education and Training:
  • A university degree in Mathematical, Statistical and/or Computer Sciences, or suitable IT-related field
  • Industry recognized certification in Security Incident Handling and Industry standard certifications in security (CISA, CISM, CISSP etc.) is a plus.

• Working Experience, Style and Skills:
  • Proven experience in cybersecurity and Cyber Incident Management
  • 4 -6 years’ relevant experience in Cyber Security
  • Experience in crafting and implementing cybersecurity policies and procedure.
  • Proficiency in implementing secure coding practices and ensuring adherence to coding standards that minimize vulnerabilities.
  • Familiarity with secure software development life cycle methodologies.
  • Experience with various application security tools and technologies to identify and mitigate security risks in software applications.
  • A probing and analytical approach with the ability to pre-empt potential problems and identify inefficiencies.
  • Proactive team player

• Computer Skills:
  • Experience with cloud security tools and platforms such as Microsoft Azure Security Center or AWS Security Hub
  • Familiarity with security automation and orchestration tools like Terraform and Ansible.
  • Knowledge of machine learning and AI-based security tools for advanced threat detection, analysis, and response

• Languages:
  • Fluency in English (spoken and written).
  • German is a plus.

• Others:
  • Experience in working in a multi-cultural, multi-lingual, global team.
  • Commitment to FSC’s mission and values.
  • Demonstrated cultural awareness and sensitivity to the diversity of values, views and approaches to issues relevant to the FSC program by stakeholders around the world.

Terms and Conditions

• Location: Bonn, Germany.
• Working Hours: Full time - 40 hours per week.
• Duration of Employment: Temporary contract - 2 years (extension possible, subject to satisfactory performance).
• Starting Date: As soon as possible.

How to Apply

• Please apply via our website by submitting your CV in English
• Please do not send any photos of yourself.
• The deadline for applications is 17 December 2023.

We will confirm receipt of your application. However, only candidates shortlisted for an interview will be further contacted and will receive notice of the outcome of the selection process. Should you not receive a confirmation of receipt please check your spam filter and if you cannot find it there contact us at recruitment@fsc.org

For FSC, inclusiveness and diversity are important values. As such, we welcome and encourage applications from all backgrounds and are entirely committed to consider all qualified applicants regardless of race, gender, sexual orientation, religion, ethnicity, age and disability.  

Please be informed, that by applying for this position you automatically accept our Data Protection Information on processing your personal data.

We are looking forward to your application!