IT Security Manager, GRC

Role Overview

• Develop and implement the GRC framework for information security
• Continuously improve the GRC framework
• Embed governance, risk and compliance structures across the organization
• Ensure compliance with relevant legal, regulatory and normative requirements (e.g., ISO 27001, NIS2, DORA, BSI IT-Grundschutz, NGCB 5.260)
• Conduct internal audits
• Support and coordinate audits and inspections
• Support the ongoing development of the ISMS
• Identify, assess and document IT and information security risks
• Perform risk analyses and derive appropriate mitigation measures
• Track risks, mitigation measures and deviations/non-conformities
• Advise IT and business units on risk-based decisions
• Prepare reports, KPIs and management reports
• Report directly to the Group CISO

Requirements

• Degree in Computer Science, Business Informatics, IT Security or completed vocational training in IT (e.g., IT Specialist for System Integration) with relevant professional experience
• Several years of experience in IT security, ISMS or IT risk management
• Strong knowledge of relevant standards and regulatory requirements (e.g., ISO 27001, DORA, NIS2, BSI IT-Grundschutz, NGCB 5.260)
• Experience performing risk analyses, audit processes and implementing security measures
• Ideally hold certifications such as ISO 27001, CISM, CISSP or CRISC
• Analytical, structured and independent working style, strong communication and advisory skills, and willingness to travel of approximately 10–20%

Benefits

• 30 days of vacation
• Flexible working time models
• Option for remote/mobile work
• Company mobile phone
• Tablet
• In-house training center
• Opportunities for technical and professional development across the group
• Employee events
• Department events
• Occupational health management
• Company sports/fitness activities
• Occupational disability insurance
• Company pension scheme
• E-bike leasing
• Corporate benefits
• Employee discounts
• Local offers depending on location