The number one objective: to create a secure and resilient IT environment for everyone.
A secure and resilient IT environment is a key cornerstone for all business processes at the Fresenius Group. As a therapy-focused healthcare company that offers system-critical products and services for the care of critically and chronically ill patients, the company bears a great deal of responsibility – any issues with the IT systems could quickly become life-threatening for patients. At the same time, the IT landscape within the company is both complex and non-standardized, which makes protecting the entire system highly complicated. As a result, the IT Security department at Fresenius Digital Technology (FDT) plays a vital role in safeguarding the organization’s infrastructure, sensitive data and its production of medical products.
Our work centers around the security of the IT infrastructure and applications. We see security as an integral part of IT, and we approach it in line with the latest standards and best practices. One of the greatest challenges throughout IT at Fresenius is the lack of standardization between the different locations and business areas, and, as a result, the architectures, solutions, and software. Defining and following common standards is not always easy, but this is one of the things that makes our work so interesting!
It is often a bit of a balancing act: on the one hand, we always try to make business processes as secure as possible; but we also need to bear in mind the business segments’ practical requirements – we need them to be able to do their work as efficiently and at the same time as safely as possible.
We are looking for (cyber) security professionals. Specifically, this means people with relevant technical expertise, for example from a technical degree or equivalent vocational training (e.g. IT systems engineering, software development and similar areas). Relevant professional experience, ideally within IT security, is desirable.
People who want to change things, drive things forward and help create homogeneous structures in a very diverse environment are in the right place with us. Our small, powerful team is currently (2022) being built up, which opens up many opportunities for individual development and shaping your own areas.
In addition to specialist knowledge, communication skills are important to us. After all, our work is always a balancing act between safety requirements and the practical needs of the business units. In our international environment, fluent German and English are a prerequisite and other languages are an advantage.
Future colleagues must also be able to cope with stress. On the one hand, we work on structured projects that are easy to plan. But on the other hand, IT security means that urgent tasks have to be solved at short notice – because cyber threats usually come without notice. We simply have to react quickly. We welcome generalists and specialists in equal measure.
In Security Management, we create and maintain an integrated management system for information security (ISMS), which supports the safe implementation of the FDT strategy. This includes a governance framework, as well as the relevant processes, and the definition of technical and organizational measures (TOMs) for the operative level. We follow the group-wide guidelines here, as well as those included in certifications (e.g. ISO 27001) and regulations. We also update documentation and formulate policies. Furthermore, we cover what is known as “people security” – this involves running training sessions and raising awareness. One of our key tasks is creating transparency: for example, regarding the technical and organizational security measures for platforms and services at FDT, and adhering to organizational and regulatory guidelines.
In the field of Architecture & Design, we develop the security architecture so that it supports the company’s strategic goals. We define and implement controls and protective measures within the system environment to ensure the confidentiality, integrity, and availability of data at all times. We translate security requirements into specific measures and define the toolsets required for these. This work involves working together with relevant stakeholders across the company.
Our Security Operations work involves implementing technical and organizational measures at the operative level. This encompasses security activities across all levels, including servers, networks, cloud-based solutions, and software, as well as protecting employees’ individual devices – this concerns tools, virus protection, back-up solutions, etc. And, of course, the work also includes the proactive monitoring of incidents and attacks, as well as responding to these. We work closely with internal parties here, as well as Fresenius CERT and other areas of the company.
The large collaborative project Unity concerns restructuring part of the network design and implementing additional security features that relate to this. As part of the project, we are checking the requirements and assessing service providers with regard to security operations. Requirements are constantly changing and the recent Covid pandemic has shown that changes can happen very quickly and with very little advance warning.
Cloud Platform Security is another large-scale project. We are working together with our partners in the segments to ensure that all structures and applications operating in their own and partner environments are secure. By contrast, Endpoint Security focuses on the security of all employees’ computers. This ranges from suitable and up-to-date virus protection to dealing with user admin rights. For example, someone with an office job will need different access rights to a service technician. It is extremely important to clearly distinguish special admin rights from the rights of normal users.