Main Tasks: 

• Ensuring Compliance with Security and Regulatory Requirements: Monitor and assess adherence to legal, regulatory, and internal requirements in information security and data protection. 

• Conducting Audits and Assessments: Plan, coordinate, and execute internal and external audits as well as risk and compliance assessments to identify vulnerabilities and areas for improvement. 

• Consulting and Training: Support and raise awareness among business units and employees on compliance and security topics; conduct awareness trainings. 

• Risk Management: Identify, assess, and track risks related to information security and compliance; develop and implement risk mitigation measures. 

• Reporting and Communication: Prepare compliance status reports and communicate results and recommendations to management and relevant stakeholders. 

• Collaboration with Internal and External Partners: Work closely with IT, data protection, legal, internal audit, as well as external auditors and authorities. 

• Preparation and Support of Certifications: Assist in the preparation and execution of certifications (e.g., ISO 27001, TISAX) and ensure ongoing compliance with requirements. 

• Continuous Improvement: Analyze incidents, derive lessons learned, and continuously enhance compliance and security processes. 
  
  

Minimum Education and Qualification Requirements for the Position:  

• Degree in IT, business informatics, engineering, or a comparable qualification. 

• Several years of professional experience in information security, compliance, audit, or risk management. 

• Knowledge of relevant standards and legal requirements (e.g., ISO 27001, GDPR, NIS2). 

• Analytical thinking, strong communication skills, and assertiveness. 

• Certifications such as CISA, CISM, CISSP, or ISO 27001 Lead Auditor are an advantage. 

Soft Skills:  

• Exceptional collaboration and interpersonal skills with a proven ability to foster cooperation and empower a diverse team. 

• Strong strategic thinking and problem-solving capabilities.  

• Excellent communication and interpersonal skills, facilitating effective collaboration with diverse stakeholder groups at all levels.  

Tools and Technology Skills:  

• Proficient in GRC tools for managing governance, risk, and compliance processes, ensuring effective integration and reporting.  

• Familiarity with security frameworks and compliance standards such as ISO 27001, NIS2, and the Cyber Resilience Act, etc., to ensure proper alignment with regulatory requirements.  

• Proficiency in utilizing collaboration tools such as M365 and SharePoint to streamline communication and documentation within teams.