Job details for: Head of Security Certification Management (f/m/d) /1100
Special features
Place of work: Karlsruhe, Baden
Type of employment: Full-time
Start: immediately
Job title:
- Information security officer
Job description
The Challenge
As a leading European hosting provider, our infrastructure is the backbone of our customers' digital presence. We operate in a regulated environment where ISO27001, KRITIS and NIS2 are not just acronyms, but core operational requirements. Your challenge is to build a "Compliance-as-Code" culture — ensuring our distributed team of 10+ GRC professionals enables our engineers to move fast while remaining rock-solid against audits. Be the driver that moves the organization from "reactive" (audit-driven) to "proactive" (risk-driven).
Tasks
- Leadership & Scale: Mentor and lead a high-performing, distributed GRC team (10+ direct FTEs) and an indirect organization of 50+ people. Transition the team from manual evidence gathering to automated, data-driven oversight.
- End-to-End ISMS Lifecycle Ownership: Hold full accountability for the design, implementation, and continuous improvement of the management system.
- Integrated Management System (IMS): Lead the team to architect a unified IMS that bridges ISMS, Risk Management, and BCM.
- Regulatory Authority: Act as the primary interface for the BSI (Federal Office for Information Security). Own the implementation of NIS2 and **KRITIS** across our international Brands and Products.
- Security Audits & Evidence: Drive ISO27001 re-certifications, TKG and BSIG (KRITIS) audits. Move us toward continuous compliance with real-time dashboards for executive reporting.
- Third-Party Risk (TPRM): In the hosting world, our supply chain is critical. Refine our vendor risk management to meet the stringent requirements of **NIS2** and CRA.
- Partner with Development teams to integrate machine learning algorithms, leveraging AI tools to enhance customer-facing operations and internal workflows.
Qualifications
- **Senior Tech Leadership:** 5+ years in GRC/Security and leadership positions, ideally with experience in the Hosting, SaaS, or Cloud sectors. You understand the difference between a "paper" ISMS and an operational one.
- Strategic Vision: Ability to define a 3-year roadmap for GRC maturity to ensure it evolves with the business, moving the organization from "reactive" (audit-driven) to "proactive" (risk-driven).
- Framework Mastery: Hands-on experience with **ISO 27001, NIS2 & BCM**. You know how to map these frameworks to avoid double work.
- Regulatory Expert: You have successfully navigated **ISO27001/KRITIS** audits and are currently preparing (or have implemented) NIS2 strategies.
- Tooling Visionary: You prefer GRC tools (like Auditboard) over Excel. You are able to define a tool-driven vision of how GRC can work seamlessly across the organization.
- Organization Development: You know how to build up a network in a group with 10+ locations and various regional brands, and how to structure and steer the organization effectively.
- Languages: Native/Professional German and fluent English.
Why This Role?
- High Visibility: You report directly to the Group CISO and have exposure to the Board of Management. Your work directly impacts our ability to sign major enterprise and public-sector contracts.
- Complexity at Scale: We aren't just securing an office; we are securing a massive, distributed and international infrastructure that powers thousands of businesses.
- Innovation: We want a leader who drives the team to automate the "boring" parts of GRC and leverage Artificial Intelligence, so that we can focus on high-level strategic risk.
Location: Berlin or Karlsruhe
Benefits
- Hybrid working model with home office option.
- Flexible working hours through trust-based working hours.
- At some locations a subsidized canteen and various free drinks.
- Modern office space with very good transport connections.
- Various employee discounts for activities and products.
- Employee events such as summer and winter parties, as well as workshops.
- Numerous training and development opportunities.
- Various health offers, such as sports and health courses.
Company profile: IONOS SE