CISO

foodpanda is part of the Delivery Hero Group, the world’s pioneering local delivery platform, our mission is to deliver an amazing experience—fast, easy, and to your door. We operate in over 70+ countries worldwide. Headquartered in Berlin, Germany. Delivery Hero has been listed on the Frankfurt Stock Exchange since 2017 and is part of the MDAX stock market index. Job Description Who are we? At Delivery Hero, we believe in delivering more than just food - we deliver experiences. Operating in over 70+ countries worldwide, and headquartered in Berlin, we are one of the world’s leading local delivery platforms, listed on the Frankfurt Stock Exchange since 2017. Role Summary As CISO for 3 of our brands (foodora, foodpanda and Yemeksepeti) you are the central voice for security of the platform that serves 17 countries and will be responsible for executing the security strategy, implementing the associated operating model and monitoring security risks. • Ensuring compliance with DH security policies, and local laws & regulations. • Managing security budgets. • Facilitating the recruitment, retention and development of security profiles. What’s On Your Plate?Security Strategy, Operating Model, and Risk (60%) • Adapt and execute locally the security strategy with stakeholders across the organisation, in line with the worldwide global security strategy. • Ensures security objectives are understood and continuously worked towards across the organization. • Takes ownership of security decisions made across pandora. • Collect, monitor, manage and report on security risks for pandora. • Handle security incidents across pandora. • Build DevSecOps culture and ensure security is embedded in how tech and other functions work. • Ensure business projects undergo security validation processes. Security Assurance & Compliance (20%): • Ensure compliance with Delivery Hero internal policies and guidelines. • Ensure compliance with regional security laws and regulations. • Promote security awareness and culture across pandora. • Represent pandora and interact with local security authorities and external auditors. • Represent pandora security in the Global Security Council, other regulatory bodies, and interact/coordinate accordingly for specific security topics in pandora. • Evangelize the importance of security across pandora helping to shift culture where needed to a security-first mindset. Financial Resources (10%): • Manage and monitor the pandora security budget • Define and implement a local security Make or Buy strategy, derived from the Global security Make or Buy strategy. People, Talents & Competences (10%): • Facilitate the recruitment of security profiles, in line with the local and global recruitment plans to build and grow a strong security team. • Adapt, tailor and execute locally the corporate attractiveness & retention plan, the competence & development plan and the diversity & inclusion plan. What Did We Order? • 12+ years of experience in security, with at least 6 years prior experience as CISO managing security teams (optimal in finance/fintech/e-commerce/ insurance sector) • Ability to work under high workload • Security thought leadership. • Strong experience in building highly secured products and systems. • Expert in different security topics (defensive, offensive, cloud sec, app sec, compliance). • Executive level communication skills. • Deep business acumen. • Deep understanding of zero trust principles and architectures. • Long Term strategic focus and ability to translate strategic business objectives to security objectives. • Ability to build trust across organizations to grow together as a tech team. • Ability to execute complex projects that span across the organization. • Good understanding of agile and lean concepts. • Ability to lead without authority creating clarity and alignment across the organization. • Ability to find and hire the best talent. • Ability to lead with high emotional intelligence. • Ability to grow and mentor leaders. • Ability to make executive-level decisions. • Takes extreme ownership of pandora’s strategy and goals. • Certifications: • CISSP • At least 2 cloud certifications among AWS SAA, AWS Security, GCP Cloud Engineer, GCP Cloud Security Engineer • Nice to have: • at least 2 SANS courses (GREM, GCFA, GCDA, GNFA, GCIH) • 1 offensive security certification, such as OSCP Other detailed qualifications: • Deep understanding of network and security protocols and familiarity with a wide range of security tools such as firewalls, intrusion detection systems, and vulnerability scanners, as well as how they can be exploited by attackers • Experience designing and implementing security measures for cloud-based systems • Experience with developing and reviewing aggregated performance metrics (KPI's) to report and measure performance, including MTTR and MTTD • Experience with incident response processes and best practices,...