Exyte is a global leader in the design, engineering, and delivery of facilities for high-tech industries. With a history of more than 100 years, the company has developed a unique expertise in controlled and regulated environments. Exyte has a truly global footprint, serving the most technically demanding clients in markets such as semiconductors, batteries, pharmaceuticals, biotechnology, and data centers. The company offers a full range of services from consulting to the managing of turnkey solutions – delivered to the highest quality and safety standards. Solving the most complex challenges, Exyte forges trusted, long-lasting relationships with its clients. In 2019, Exyte generated sales of EUR 3.9 billion with around 5,200 highly experienced and motivated employees. The company is ideally positioned to further strengthen its market leadership with its broad industry insight and its exceptional talents. 

Our people are our success. As one of us, you will contribute to engineering excellence for the high-tech markets of the future, including semiconductors, batteries, pharmaceuticals, biotechnology, and data centers. At Exyte, you will be part of a global community of challenge seekers who are ambitious and passionate about innovation. Together, we will build on our company’s long history and keep on leading the way to a better world.

The IT risk manager is responsible for establishing and maintaining Exyte’s overall IT risk management, which is designed to ensure that the company’s IT systems and information assets are adequately protected. The individual in this position is responsible for identifying, evaluating and reporting on IT and information security risks in a manner that meets Exyte’s regulatory and other compliance requirements. You will work proactively with the various business units and other internal departments and organizations to implement practices that meet Exyte’s defined policies and standards for information risk management.

Explore your tasks and responsibilities

• Manage all the risk-related activities of Exyte‘s IT organization, including budgeting, planning, testing, reporting and recommending appropriate remediation measures
• Manage oversight and monitoring of risk mitigation and coordination of policy and controls with the different stakeholders to ensure that other managers are taking effective remediation steps
• Ensuring IT compliance with the applicable legal regulations as well as internal corporate policies
• Benchmark the risk management practices of other companies — particularly those in related industries or with similar business models — maintain an up-to-date understanding of industry best practices and monitor the legal and regulatory environment for developments that could require changes to Exyte’s established IT policies and practices
• Create, disseminate and (as required) update documentation of Exyte’s matrix of identified IT risks and control
• Ensure that controls are adequate to meet Security Policies. Conduct assessments and audits based on laws and regulatory expectations (GDPR, SOX, NIST, CIS Critical Security Controls, etc.)
• Design and implement accurate and thorough governance gaps assessments to applicable laws, rules, regulations, and industry practices
• Work directly with the business units and other internal departments and organizations to facilitate IT risk analysis and risk management processes, identify acceptable levels of residual risk
• Design and conduct risk assessments
  • Manage the oversight of technical risk assessments, such as vulnerability scanning and penetration testing
  • Manage information asset and application risk assessments
  • Conduct risk reviews for new applications
  • Manage third-party risk assessments
• Facilitate business alignment and communications by forming an IT risk management steering committee or advisory board
• Review risk assessments analyze the effectiveness of Exyte’s IT control activities and report on them — with actionable recommendations — to the CIO, the CISO, Corporate risk manager and IT managers
• Follow up on deficiencies identified in monitoring reviews, self-assessments, automated assessments, and internal and external audits to ensure that appropriate remediation measures have been taken

Show your expertise:

• Minimum Bachelor of Science required, with a focus on IT- or IT-risk-related disciplines (for example, security, privacy, business continuity management and compliance).
• Basic knowledge of a broad range of standards and frameworks — for example, International Standards Organization (ISO) 27001, IT Infrastructure Library and ISO 20000, Capability Maturity Model Integration and Six Sigma.
• Knowledge of common risk management methodologies — for example, Control Objectives for Information and Related Technology (COBIT) and Committee of Sponsoring Organizations Enterprise Risk Management
• Excellent communication and presentation skills.
• Fluent in English. German language is a plus.

An environment that inspires:

• Engineer World Changing Facilities
• Health & Well-being
• Environment of Excellence
• Career Growth
• Commitment to an Incident-Free Workplace (IFW)
• Global Opportunities