Plus
Включить Plus
Назад
Company hidden
1 день назад

Head of GRC (IT Security)

Формат работы
hybrid
Тип работы
fulltime
Грейд
head
Английский
c1
Страна
Germany
Вакансия из списка Hirify.GlobalВакансия из Hirify Global, списка международных tech-компаний
Для мэтча и отклика нужен Plus

Мэтч & Сопровод

Для мэтча с этой вакансией нужен Plus

Описание вакансии

Текст:
/

TL;DR

Head of GRC (IT Security): Lead the design, implementation, and continuous improvement of integrated management systems for compliance in a leading European hosting provider with an accent on ISO27001, KRITIS, NIS2, and BCM frameworks. Focus on transitioning from reactive audit-driven processes to proactive risk-driven oversight using automation, AI tools, and real-time dashboards.

Location: Berlin or Karlsruhe (Hybrid working model with home office option)

Company

Leading European provider of cloud infrastructure, cloud services, and hosting, serving six million customers across 18 markets in Europe and North America.

What you will do

  • Mentor and lead a distributed GRC team of 10+ direct reports and 50+ indirect, transitioning to automated, data-driven oversight.
  • Own end-to-end ISMS lifecycle, including design, implementation, and continuous improvement.
  • Architect a unified IMS bridging ISMS, Risk Management, and BCM.
  • Act as primary interface for BSI, implementing NIS2 and KRITIS across international brands and products.
  • Drive ISO27001 re-certifications, TKG/BSIG audits, and continuous compliance with executive dashboards.
  • Refine third-party risk management (TPRM) to meet NIS2 and CRA requirements.
  • Partner with Dev teams to integrate machine learning algorithms and AI tools for operations and workflows.

Requirements

  • Native/Professional German and fluent English.
  • 5+ years in GRC/Security leadership, ideally in Hosting, SaaS, or Cloud sectors.
  • Hands-on experience with ISO27001, NIS2, BCM; navigated ISO27001/KRITIS audits.
  • Strategic vision for 3-year GRC roadmap, shifting to proactive risk management.
  • Expertise in GRC tools like Auditboard over manual processes.
  • Experience building networks in multi-location organizations.

Nice to have

  • Experience preparing or implementing NIS2 strategies.

Culture & Benefits

  • Hybrid working model with home office and flexible trust-based hours.
  • Modern offices with good transport, subsidized canteen, free drinks.
  • Employee discounts, events like summer/winter parties and workshops.
  • Numerous training, development, sports, and health offers.

Будьте осторожны: если работодатель просит войти в их систему, используя iCloud/Google, прислать код/пароль, запустить код/ПО, не делайте этого - это мошенники. Обязательно жмите "Пожаловаться" или пишите в поддержку. Подробнее в гайде →