Job Opportunities in Germany


October 18, 2024

Zalando

Berlin



Head of Security Risk and Governance (all genders)

Location: Berlin
Contract: Full time
Job Category: Cybersecurity

THE ROLE & THE TEAM

Zalando’s Information Security Department is seeking an exceptionally talented security risk, compliance and governance leader with a substantial operations/systems background to lead our Security Risk and Governance (SRG) team. In this role, you will lead a team of 5-10 people who maintain our ISMS and manage security risks, third-party security risks, and all topics related to compliance (e.g. NIS2). The SRG team also maintains the security exception process along with the communication to stakeholders, supports the different business areas with specific attestations/certifications (e.g. SOC2, PCI DSS), and ensures remediation of audit findings owned by the information security team.


INCLUSIVE BY DESIGN

At Zalando, our vision is to be inclusive by design. And this vision starts with our hiring - we do not discriminate on the basis of gender identity, sexual orientation, personal expression, ethnicity, religious belief, or disability status. You are welcome to leave out your picture, age, or marital status from your application. We only assess candidates on their qualifications and merit.


We want to provide you with a great candidate experience. Feel free to inform us of any accommodations you may need, so we can best support you throughout the hiring process.

do.BETTER - our diversity & inclusion strategy: https://corporate.zalando.com/en/our-impact/dobetter-our-diversity-and-inclusion-strategy
Our employee resource groups: https://corporate.zalando.com/en/our-impact/our-employee-resource-groups



WHAT WE’D LOVE YOU TO DO (AND LOVE DOING)

  • Security governance - maintaining our ISMS, including the implementation/refinement of policies, standards, guidelines and procedures in cooperation with the respective process owners.
  • Security risk management - managing and refining the IT security risk methodology, supporting third-party and internal application security risk assessments, as well as preparing the information security risk reporting for the Management Board.
  • Compliance management - defining and implementing baseline controls, implementing relevant compliance requirements, and continuously assessing ISMS maturity based on NIST 800-53.
  • GRC Framework - leading and implementing enterprise-wide risk management frameworks that align with industry standards (e.g. SOC2, NIS2).
  • Decision on compliance exceptions - owning decisions around IT compliance exceptions and ensuring alignment with security objectives.
  • Security audit findings - coordination of the remediation of audit findings owned by the information security team.


WE’D LOVE TO MEET YOU IF

  • You have more than seven years of experience and a deep knowledge of security governance, risk, compliance and audit.
  • You possess over four years of experience in team development and leadership, successfully managing teams of more than five members.
  • You demonstrate advanced expertise in information security policies, standards, and governance controls within complex computing environments.
  • You have a strong understanding of information security frameworks, standards, and best practices (e.g., SOC2, NIST, GDPR).
  • You possess exceptional written and verbal communication skills in English, with the ability to effectively translate security and risk concepts for stakeholders at all levels of the business.
  • You can demonstrate your expertise through recognized certifications such as CISSP, Security+, CISM, CISA, ISO/IEC 27001 Lead Implementer, among others.


If you think you have what it takes, we encourage you to

