Head of Security Risk and Governance (all genders)
Berlin
Zalando
Shop the latest fashion & shoes online | Free delivery* & returns on most of the orders | Over 1,900 Brands – new products every day!THE ROLE & THE TEAM
Zalando’s Information Security Department is seeking an exceptionally talented security risk, compliance and governance leader with substantial operations/systems background to lead our Security Risk and Governance (SRG) team. In this role, you will lead a team of 5-10 people that maintain our ISMS, and manage security risks, third party security risks, as well as all topics related to compliance (e.g. NIS2 etc). The SRG team also maintains the security exception process along with the communication to stakeholders, supports the different business areas with specific attestations/certifications (e.g. SOC2, PCI DSS), and ensures remediation of audit findings owned by the information security team.
INCLUSIVE BY DESIGN
At Zalando, our vision is to be inclusive by design. And this vision starts with our hiring - we do not discriminate on the basis of gender identity, sexual orientation, personal expression, ethnicity, religious belief, or disability status. You are welcome to leave out your picture, age, or marital status from your application. We only assess candidates on their qualifications and merit.
We want to provide you with a great candidate experience. Feel free to inform us of any accommodations you may need, so we can best support you throughout the hiring process.
do.BETTER - our diversity & inclusion strategy: https://corporate.zalando.com/en/our-impact/dobetter-our-diversity-and-inclusion-strategy
Our employee resource groups: https://corporate.zalando.com/en/our-impact/our-employee-resource-groups
WHAT WE’D LOVE YOU TO DO (AND LOVE DOING)
Security governance - maintaining our ISMS, including the implementation/refinement of policies, standards, guidelines and procedures in cooperation with the respective process owners.
Security risk management - managing and refining the IT security risk methodology, supporting third party and internal application security risk assessments, as well as preparation of the information security risk reporting for the Management Board.
Compliance management - defining and implementing of baseline controls, implementation of relevant compliance, and continuous ISMS maturity assessment based on NIST 800-53.
GRC Framework - leading and implementing enterprise-wide risk management frameworks that align with the industry standards (e.g. SOC2, NIS2, etc).
Decision on compliance exceptions - owning decisions around IT compliance exceptions and ensuring alignment with security objectives.
Security audit findings - coordination of the remediation of audit findings owned by the information security team.
WE’D LOVE TO MEET YOU IF
You have more than seven years of experience and a deep knowledge of security governance, risk, compliance and audit.
You possess over four years of experience in team development and leadership, successfully managing teams of more than five members.
You demonstrate advanced expertise in information security policies, standards, and governance controls within complex computing environments.
You have a strong understanding of information security frameworks, standards, and best practices (e.g., SOC2, NIST, GDPR).
You possess exceptional written and verbal communication skills in English, with the ability to effectively translate security and risk concepts for stakeholders at all levels of the business.
You can demonstrate your expertise through recognized certifications such as CISSP, Security+, CISM, CISA, ISO/IEC 27001 Lead Implementer, among others.
If you think you have what it takes, we encourage you to apply even if you don't meet every single requirement. You may just be the right candidate for this or other roles!
OUR OFFER
Zalando provides a range of benefits, here’s an overview of what you can expect. Ask your Talent Acquisition Partner to learn more about what we offer.
Employee shares program
40% off fashion and beauty products sold and shipped by Zalando, 30% off Zalando Lounge, discounts from external partners
2 paid volunteering days a year
Hybrid working model with 60% (or more) remote per week, actual practice is up to each team to best support their collaboration
Work from abroad for up to 30 working days a year
27 days of vacation a year to start
Relocation assistance available (subject to prior agreement)
Family services, including counseling and support
Health and wellbeing options (including Gympass)
Mental health support and coaching available
Learn all about Zalando and our values here: https://jobs.zalando.com/en/?gh_src=22377bdd1us
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Application security CISA CISM CISSP Compliance GDPR Governance ISMS NIS2 NIST NIST 800-53 PCI DSS Risk assessment Risk management SOC 2 Strategy
Perks/benefits: Career development Fitness / gym Health care Relocation support
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.