Senior Analyst IT Governance, Risk & Compliance

Budapest, Hungary


Overview

As a Senior Analyst IT GRC, you will manage and enhance our IT Governance, IT Risk management, and Compliance program. As a member of a small global team of IT GRC professionals, you will drive compliance with relevant regulations and cybersecurity frameworks such as ISO 27001, NIST CSF, NIS2 and TISAX. The ideal candidate will have deep knowledge of IT risk management, compliance frameworks and IT Cybersecurity technology.

Responsibilities

YOU will be involved in the following tasks:

  • Develop, implement, and manage a comprehensive Information Security compliance, governance and risk management program aligned with the organization's business objectives and regulatory requirements
  • Ensure compliance with relevant regulations and cybersecurity frameworks such as NIST CSF, ISO 27001, NIS2
  • Conduct regular internal security audits to assess the effectiveness of existing controls
  • Monitor and report on compliance metrics and key performance indicators (KPIs) to senior management
  • Assist with development and maintenance of compliance policies, processes, procedures, and controls that align with regulatory requirements and industry best practices
  • Coordinate external penetration testing and report on remediation status
  • Support the implementation of a GRC platform or enhance existing systems to streamline risk and compliance management
  • Monitor regulatory changes and industry trends to ensure that the organization's cybersecurity practices remain current and effective

 

Qualifications

What YOU will bring to the team:

 

  • Strong experience with IT Governance, Risk and Compliance for controls and policies
  • Experience with Governance, Risk and Compliance (GRC) tooling such as ServiceNow GRC, Workiva or others
  • Strong experience in maintaining a mature risk management program and risk register
  • Extensive knowledge of risk framework mapping and controls development
  • Demonstrated expertise in compliance and risk management frameworks and methodologies like NIST CSF, ISO 27001, NIS2, ITIL, TISAX
  • Strong technical know-how of IT systems/infrastructure & information security technical controls
  • Excellent analytical, problem-solving, and decision-making skills
  • Strong ability to manage and prioritize assignments in a fast-paced and changing environment, focusing on delivery
  • Strong written and verbal communication skills, with the ability to convey technical information to both technical and non-technical audiences
  • Ability to work independently and as part of a team
  • Excellent English written and verbal communication skills
  • Relevant certifications, such as CISA, CISM, CRISC or ITIL, are a big plus
  • Minimum of 6 years of experience in IT Information Security and 3+ years in the IT risk management, IT governance and compliance space
  • Any Bachelor's degree or Master’s degree in Computer Science, Information Technology or related field

 

In exchange we offer YOU the following benefits:

  • Cafeteria and Private Health Care Insurance
  • Flexible working arrangements and home office possibilities
  • Structured onboarding support
  • Diverse career paths (people management, subject matter expert)
  • Development opportunities (free language courses, online learning courses)
  • Company events, CSR activities and possibility to join social groups

 

 


Tags: Audits CISA CISM Compliance Computer Science CRISC Governance ISO 27001 ITIL KPIs NIS2 NIST Pentesting Risk management TISAX

Perks/benefits: Career development Flex hours Health care Team events

Region: Europe
Country: Hungary
