Security assessor for the telematics infrastructure (m/f/d)

Security assessor for the telematics infrastructure (m/f/d)

Bonn

To the job overview
SRC Security Research & Consulting GmbH is a management consultancy specializing in information security with headquarters in Bonn. We use our many years of in-depth expertise to develop, implement and assess secure IT systems. Originally coming from the electronic payment sector, SRC has opened up numerous other markets in recent years and is now the leading testing body for the assessment of products in the context of the digitalization of the German healthcare system (keyword: TI in healthcare). Together with our customers, we create standards for secure systems and enable our customers to do better business “with security”. SRC pools cutting-edge expertise and uses it to support our customers in the development and implementation of secure systems. In your role as a security assessor, you will make a decisive contribution to the security of the digitalization of the German healthcare system. You will work on projects with high social relevance that ensure the security of sensitive healthcare data at the highest level. You will deal with the latest topics in information security and actively shape the future in a highly regulated, forward-looking environment. As a security assessor for the telematics infrastructure, you will analyze and evaluate the security of development and operating processes of IT systems in the healthcare sector, such as electronic patient records, e-prescriptions or apps for insured persons. You will support manufacturers and providers in the approval of innovative products that meet the industry’s high security requirements. In your role as project manager, you will take responsibility for the timely completion of security assessments and coordinate interdisciplinary teams consisting of various specialist and auditor roles.

Your tasks

• Analysis and evaluation of the information security of manufacturers and providers of applications and services in the healthcare sector, including electronic patient files, e-prescriptions and other applications of the telematics infrastructure
• Testing of secure development and operating processes for applications in accordance with gematik requirements
• Preparation of safety reports as first reviewer and coordination of the second reviewer and other experts in the project
• Main contact person for the customer during the entire project
• Project management and planning in close coordination with customers and other stakeholders
• Main contact person for the customer during the entire project
• Support in the calculation of projects and preparation of offers
• Responsibility for the timely preparation of test reports and expert opinions
• Continuous development of expertise in relation to new applications and technologies of the telematics infrastructure

Your profile

• Passion for information security and an interest in security processes and regulatory requirements.
• Ability to work independently and lead teams as a project manager
• Confident appearance and excellent communication skills in German
• Strong analytical skills and a good technical and procedural understanding.
• Completed studies in mathematics, computer science, engineering or a comparable field, alternatively completed training with relevant professional experience
• Experience in and interest in (partial) project management of assessment projects
• Experience in auditing (ideally you are already a CISA)
• Experience with information security (ideally you are already a CISSP)
• At least 4 years of professional experience (3 years if you have a CISA or a degree) in at least two of the following subjects: Security and Risk Management
• Asset Security
• Security Architecture and Engineering
• Communications and Network Security
• Identity and Access Management (IAM)
• Security Assessment and Testing
• Security Operations
• Software Development Security

• Desirable: In-depth knowledge of at least two of the following topics: Network security, ISMS (ISO 27001 and basic protection), creation and testing of security concepts, vulnerability management, incident management, BCM, logging and SIEM, cryptography and key management, data protection or secure development processes

• Desirable: Industry knowledge in the healthcare sector and ideally in-depth knowledge of the telematics infrastructure
• Willingness to travel