Information Security Specialist (f/m/d)

The successful candidate will join the Information Security, Risk & Regulations unit of the CTO. The Information Security, Risk & Regulatory unit supports the CTO product lines to comply with the ICT Risk Framework, by continuously improving existing controls, analyzing security gaps identified by control functions and designing and implementing suitable solutions in collaboration with the products. The unit works closely with stakeholders across the Group to close or mitigate these gaps and ensure sustainable remediation. Through these activities, the unit directly contributes to improving the Information Security KPIs vulnerability SLA adherence, findings, coverage of the CTO IT assets and represents the CTO area in the group wide Security Committee thus strengthening the overall security posture of the organization.

• Lead Vulnerability Quality & Drive Resolution Across Teams
• Ensure that vulnerabilities generated by scanners are high quality, actionable, and correctly classified.
• Design and enhance processes that make vulnerability intake, triage, and escalation predictable, transparent, and efficient.
• Take ownership of escalated blockers, partnering with engineering, cloud, and platform teams to remove obstacles and drive real remediation progress.
• Identify cross product patterns and help improve our scanning approach to increase accuracy and reduce operational friction.
• Partner closely with our CTO Hyderabad Vulnerability Operations team to ensure smooth and efficient daily handling without any overdue.
• Align with Group Information Security to evolve scanning capabilities in line with organizational needs.
• Support integration of security controls into CI/CD pipelines and cloud environments.
• Shape Secure Architecture & Influence Technical Direction
• As part of projects or regular releases, contribute to solution designs for alignment with our security standards and architectural principles.
• Challenge designs with a constructive, solution-oriented mindset, helping teams build secure, scalable, and resilient systems.
• Build Relationships & Drive Security Culture Forward
• Build trusted partnerships with Group Information Security, DevSecOps, Cloud Infrastructure, application owners, and operations teams.
• Communicate security topics clearly and constructively, tailoring your message to technical and non‑technical audiences.
• Act as a facilitator who aligns teams, resolves blockers, and helps everyone move forward in the same direction.

• Minimum 5 years of experience as Information Security professional.
• Solid experience in Vulnerability Management or Security Operations, including working with enterprise scanning tools.
• Strong understanding of cloud environments and the integration of security controls into CI/CD workflows.
• Experience reviewing solution architectures, identifying gaps, and providing actionable security recommendations.
• Ability to collaborate with globally distributed teams and proactively resolve blockers across engineering, cloud, and platform domains.
• Strong communication skills, including the ability to translate complex security topics for both technical and nontechnical audiences.
• Proven capability to drive processes, improve operational workflows, and ensure high-quality outputs (e.g. ticket intake, triage, classification).
• Constructive, solution-oriented mindset with strong analytical and problem-solving skills.
• Ability to work independently, prioritize effectively, and drive initiatives end-to-end.
• Strong relationship building capability and a collaborative approach.
• Comfortable navigating ambiguity and influencing decisions without formal authority.
• Proficiency in written and spoken English required.
• A relevant degree, or equivalent practical experience, in Information Technology, Computer Science, Cybersecurity, Engineering, or a related technical field.
• Hands-on experience with cloud platforms (Azure, GCP) and containerized environments (Kubernetes, Docker).
• Familiarity with secure coding practices, CI/CD orchestration tools, and infrastructure-as-code concepts.
• Experience working with or alongside enterprise InfoSec teams and central governance bodies.
• Security-related certifications (e.g., CISSP, CISM, CCSP, CEH, GIAC) are a strong plus.
• Previous engaging experience with stakeholders across architecture, engineering, and operational teams—acting as a facilitator and bridge-builder.