Cybersecurity Risk & Compliance Specialist (f/m/div.)
Ovar, Portugal
Bosch Group
Company Description
In Ovar, our main mission is to guarantee everyone's safety by being ready to act in the event of danger. Our company, with about 1200 associates, develops, creates and produces inspiring solutions for a safe and enjoyable life. This success is due to our highly qualified people, whose deep knowledge and dedication create and contribute to the unique environment we have at Bosch: the feeling of a family.
Building solutions for a better life. The Bosch Building Technologies division is a leading international provider of systems, solutions and services that increase the safety of people, buildings and property and also contribute to greater comfort, energy efficiency and sustainability.
Bosch Building Technologies is divided into the international product business and the regional system integration business. Currently, the three product areas of video systems, access control & intrusion detection systems and communication systems as well as the associated cross-divisional functions within the division are to be set up as an independent unit and then further developed as a sustainable core business by a new owner.
Job Description
The CISO office is growing, and we are hiring a Cybersecurity Risk and Compliance Specialist. The specialist is responsible for ensuring that the organization's information systems and processes adhere to relevant cybersecurity frameworks, regulatory requirements, and internal policies. This role involves assessing, managing, and mitigating risks while fostering a culture of compliance and proactive security practices. The specialist will collaborate with cross-functional teams to identify vulnerabilities, design control measures, and monitor the effectiveness of security programs.
Your contribution to something big:
Risk Assessment and Management
- Conduct cybersecurity risk assessments to identify potential threats, vulnerabilities, and impacts.
- Develop and implement risk mitigation strategies and recommend security controls.
- Maintain the organization’s risk register and ensure risks are regularly reviewed and updated.
Compliance and Regulatory Requirements
- Ensure adherence to industry standards (e.g., ISO 27001, NIST, GDPR).
- Monitor regulatory changes and assess their impact on the organization’s cybersecurity posture.
- Prepare and facilitate audits, both internal and external, and address any findings or gaps.
Policy and Framework Development
- Develop and maintain cybersecurity policies, procedures, and guidelines.
- Ensure alignment of policies with legal, regulatory, and business requirements.
- Promote awareness of compliance obligations and best practices within the organization.
Monitoring and Reporting
- Monitor and report on compliance with internal controls, frameworks, and regulatory standards.
- Develop dashboards and metrics to track key risk and compliance indicators (KRIs/KCIs).
Vendor and Third-Party Risk Management
- Assess and manage cybersecurity risks associated with third-party vendors and partners.
- Review and validate vendor security assessments, certifications, and contractual obligations.
Incident Management and Response
- Support incident response efforts by ensuring compliance with policies and regulatory requirements.
- Document lessons learned and recommended updates to processes and controls.
Qualifications
What distinguishes you:
- Experience: 5/10+ years of experience in Cybersecurity, Information Technology, Risk Management, or a related field.
- In-depth knowledge of cybersecurity principles, risk management practices, and compliance frameworks.
- Strong analytical and problem-solving skills to assess risks and develop mitigation strategies.
- Familiarity with tools for compliance management, risk assessment, and security monitoring.
- Ability to work collaboratively in a team and adapt to a dynamic environment.
- Communication & Leadership: Excellent communication skills, with the ability to collaborate effectively across technical, business, and executive teams. Strong leadership and mentoring capabilities in guiding junior resources and providing strategic direction.
Desired Skills:
- Certifications: Industry certifications such as CISSP, CISM, CRISC, CISA, or similar are highly desirable.
- Strong problem-solving skills and the ability to handle complex challenges in a dynamic environment.
- Experience with regulatory frameworks and standards such as ISO 27001, NIST, GDPR.
- Knowledge of security tools such as SIEM, vulnerability scanners, and GRC platforms.
- Experience with third-party risk management and vendor assessments.
- Understanding of data privacy regulations and their application in a business context.
Additional Information
Hybrid model: 2 days at the office
Work #LikeABosch includes:
Flexible work conditions | Hybrid work system | Exchange with colleagues around the world | Health insurance and medical office on site (nutrition, psychology, physiotherapy, general clinic) | Training opportunities (e.g., technical training, foreign language training) & certifications | Access to great discounts in partnerships and Bosch products | Sports and health related activities (gym) | Free parking lot | Canteen
Success stories don't just happen. They are made...
Make it happen! We are looking forward to your application!