Security Governance, Risk & Compliance Manager (all genders)
Munich, BY, Germany
Roland Berger
Roland Berger is a global consultancy with offices in all major markets and industries. We provide the analytic approach and expertise to meet the profound challenges facing the world.
Company Description
Roland Berger, founded in 1967, is the only strategy consultancy of European origin with a strong international presence. We support major international industrial and service companies as well as public institutions in all aspects of corporate management - from strategic alignment to the introduction of new business processes and organizational structures. From the beginning we have worked in different languages and cultures. We value different perspectives and approaches and rely on the diversity of our employees. We look for and encourage authentic personalities with an entrepreneurial spirit. If you like to take the initiative and make a difference as part of a team, you've come to the right place.
Job Description
As Security GRC Manager (all genders) you are part of Roland Berger’s powerful and global IT security team. Together with highly motivated colleagues you can contribute significantly to the security of our IT environment, assets and intellectual property.
Lead Security governance, risk, and compliance (GRC) efforts related to Data Loss Prevention (DLP), eDiscovery, and information governance within an Azure-centric infrastructure.
Define and manage compliance roadmaps, ensuring alignment with standards such as ISO 27001, NIS2, and GDPR.
Support internal stakeholders in maintaining audit readiness and overseeing the implementation of Microsoft Purview, DLP policies, and other M365 security controls.
Collaborate with legal and GRCD teams on eDiscovery and regulatory response workflows.
Provide expert input into customer RFPs and due diligence questionnaires, ensuring alignment with current compliance postures and security controls.
Assist in maturing security policies, procedures, and documentation aligned with Azure and Microsoft 365 technologies.
Qualifications
Proven experience in GRC, information security, or IT compliance roles with a hands-on mentality.
Strong understanding of Microsoft Purview, Azure Information Protection, and M365 DLP/eDiscovery features or experience with similar tools and environments.
Experience managing or contributing to ISO 27001 or Cyber Essentials certification programs.
Excellent writing and communication skills, especially in responding to security questionnaires and RFPs.
Strong knowledge of data privacy regulations (GDPR, CCPA) and risk assessment methodologies.
Ability to work cross-functionally with technical, legal, and business stakeholders.
Certifications such as CISA, CISM, ISO 27001 Lead Implementer/Auditor, or Microsoft Security certifications are a strong plus.
Additional Information
Have we aroused your interest? We are looking forward to receiving your complete application documents (resume, academic testimonials and work references).
For further details on the position, please visit join.rolandberger.com. If you have any questions, please do not hesitate to contact Julia Obermair by phone: +49 89 9230-9169.
Tags: Azure CCPA CISA CISM Compliance GDPR Governance Industrial ISO 27001 NIS2 Privacy Risk assessment Strategy