Key skills
Risk ManagementCommunication
About this role
Role Overview
- Establish the GRC framework for information security
- Continuously develop and refine the GRC framework
- Embed governance, risk and compliance structures across the organization
- Ensure compliance with relevant legal, regulatory and normative requirements (e.g. ISO 27001, NIS2, DORA, BSI IT-Grundschutz, NGCB 5.260)
- Conduct internal audits and support external examinations
- Support the ongoing development of the ISMS
- Identify, assess and document IT and information security risks
- Perform risk analyses and derive appropriate measures
- Track risks, mitigation measures and deviations
- Advise IT and business units on risk-oriented decisions
- Prepare reports, KPIs and management reports
Requirements
- Degree in Computer Science, Business Informatics or IT Security, or completed vocational training in the IT field (e.g. IT specialist – system integration) with relevant professional experience
- Several years of experience in IT security, ISMS or IT risk management
- Very good knowledge of relevant standards and regulatory requirements (e.g. ISO 27001, DORA, NIS2, BSI IT-Grundschutz, NGCB 5.260)
- Experience performing risk analyses, audit processes and implementing security measures
- Ideally certified or holding qualifications such as ISO 27001, CISM, CISSP or CRISC
- Analytical, structured and independent way of working
- Strong communication and advisory skills
- Willingness to travel approx. 10–20%
Benefits
- 30 days of vacation
- Flexible working time models
- Option to work remotely/mobile working
- Company mobile phone
- Tablet
- In-house training center
- Opportunities for technical and professional development across the corporate group
- Company-wide employee events
- Department events
- Occupational health management
- Company sports
- Occupational disability insurance
- Company pension scheme
- E-bike leasing
- Corporate Benefits
- Employee discounts
- Local offers depending on location