Security Risk & Compliance Specialist (PID0634)

Interval
Berlin, IL
Remote

About The Position

We are seeking a Senior Security Risk & Compliance Specialist to join the Information Security, Risk and Compliance function of a large internal platform programme in the energy sector. Working within a cloud-native, hybrid platform environment, you will translate control objectives and compliance requirements into actionable technical controls and non-functional requirements, and provide guidance to product line security champions across the programme.

Requirements

  • 3+ years of experience in security architecture, security engineering, cloud security or a related field
  • Strong grounding in security architecture principles, secure design patterns and DevSecOps frameworks
  • SME-level experience in at least one of the following: Security Architecture and Design, Cloud Security, Identity and Access Management, Application Security, DevSecOps and Automation, Incident Response and Resilience, or Cryptography and Data Protection
  • Experience translating technical security requirements into actionable designs and documentation
  • Fluent English, spoken and written (C1 minimum)

Nice To Haves

  • Experience designing and implementing security and compliance controls for platforms
  • Familiarity with threat modelling methodologies and risk assessment
  • Experience with DevSecOps practices and tools for integrating security into platform development
  • Experience with cloud posture management and detection tools (CSPM, KSP, workload protection)
  • Knowledge of security and compliance frameworks including ISO/IEC 27001, CSA CCM, BSI Grundschutz, NIST CSF and NIST OSCAL
  • Familiarity with sector-specific regulations such as NIS2, CRA, KRITIS and BSI C5
  • Understanding of CNCF-related ecosystems (Kubernetes, Keycloak, Kyverno, Trivy, etc.)

Responsibilities

  • Deriving concrete technical controls from high-level control objectives and frameworks such as NIS2 and ISO 27001
  • Converting compliance and risk requirements into clear non-functional requirements (NFRs) for product lines and platform architecture
  • Maintaining the NFR "Security" category and providing recommendations on definition-of-done for control implementation and testing
  • Contributing to Product Release Specification (PRS) workflows by validating security-related inputs
  • Enabling product line security champions and architects to implement requirements in alignment with ISRC governance structures
  • Providing technical clarification during review cycles and identifying gaps in security-related design decisions
  • Offering hands-on technical guidance to product lines when deeper analysis is required, while ensuring they remain the accountable implementation owner
  • Collaborating with architects, product lines and governance teams to ensure consistent control adoption across the programme
  • Facilitating communication and enablement activities for new or updated controls

Benefits

  • Flexible working hours
  • Freedom to choose your own projects
  • Access to exciting projects across various industries
  • Support with professional development
  • Attractive compensation
  • Dedicated team on hand to help with questions
  • Independent work
  • Strong network