Manager in Cyber Security & Regulatory Compliance overseeing IT security and compliance processes at C.H.BECK, a longstanding media group. Engaging in risk management and collaboration across departments.
Responsibilities
Establish, operate and continuously develop a group-wide ISMS in accordance with ISO/IEC 27001:2022 and ISO/IEC 42001
Introduce and enhance structured and partially automated compliance processes, e.g., for evidence collection, controls and audit preparation
Integrate regulatory requirements (DORA, EU AI Act, NIS2, GDPR) into existing compliance structures
Prepare, coordinate and support internal and external audits, with a focus on automation and reduced documentation overhead
Maintain the risk and asset registers and perform standardized risk assessments in IT, AI and project contexts
Implement AI governance according to ISO/IEC 42001 and establish AI risk management across the entire lifecycle
Implement the requirements of the EU AI Act for high‑risk AI systems
Implement requirements for IT risk management, business continuity, disaster recovery and incident management in line with legal and regulatory obligations
Develop, harmonize and maintain group‑wide security policies
Work closely with IT, Legal, Data Protection, Procurement, Sales and external auditors, and prepare regular management reports
Requirements
Degree in Business Law, IT Law, Law & Compliance or an equivalent qualification
Relevant professional experience in IT law, data protection, compliance, regulation, or in interface roles between Legal and IT
Strong knowledge of relevant standards and regulations, in particular: ISO/IEC 27001, ISO/IEC 42001, GDPR, EU AI Act, DORA, NIS2
Documented further training in information security, ideally as an ISO/IEC 27001 Practitioner, Lead Implementer or Lead Auditor
Experience analyzing regulatory requirements, producing compliance documentation and supporting internal and external audits
Excellent communication skills and a confident presence with auditors, business units and management
Structured, independent and solution‑oriented working style with strong analytical skills
Excellent German and English language skills
Advantageous: experience with GRC/TPRM tools (e.g., OneTrust, Vanta, Drata)
Benefits
Sports and health programs — cooperation with EGYM
Flexible working arrangements: 37.5 hours/week full-time with flextime and home office
After-work beer, internal staff trade fair, summer and winter company events
Travel and lunch allowances, parking with e-charging infrastructure, book discounts & much more!
Senior Security Implementation Consultant responsible for implementing security controls in HPC environments. Working with teams on PKI, PAM, IAM, and infrastructure security solutions.
Lead Security Architect at Synchrony focusing on Zero Trust networking across various environments. Partnering with teams to design and implement secure connectivity and policies.
Enterprise Account Specialist engaging with key clients to design customized solutions within sales. Conducting market research and driving contract renewals for mid-to-large accounts.
Cybersecurity professional executing the cybersecurity program at Nightwing Intelligence Solutions. Responsible for RMF documentation, vulnerability assessments, and incident response in Sterling, VA.
Lead Cybersecurity Engineer driving security testing automation at AT&T. Collaborating with teams to enhance security across telecom networks and systems.
Senior Network Security Engineer driving Zero Trust security fabric design and optimization at CRC Group. Hands-on role managing Zscaler and Palo Alto implementations across multi-cloud environments.
Cybersecurity Intern supporting the Information Security team at Toyota Insurance. Assisting in developing security programs and conducting risk assessments for enterprise systems.
Cyber Security Intern contributing to real projects in a dynamic banking environment at Luminor. Collaborating with teams and gaining hands-on experience in cyber security.