Security Governance Specialist

A few of the partners we’re proud to be trusted by:

We are recruiting a Security Governance Specialist with experience in security governance, risk management, and policy development, extensive knowledge of cybersecurity, and strong leadership skillsFind a full list of the required qualifications below.

This is a fully remote role embedded with our client – a major German software group.

As a Security Governance Specialist, you are a key member of the cybersecurity leadership team, responsible for setting strategic direction in cybersecurity and defining robust policies to protect the company’s digital assets. The role involves extensive analysis to identify security gaps, development of a sophisticated governance model, and the continuous updating of policies and strategies to align with evolving business needs and regulatory requirements.


Strategy & Resourcing:

  • Direct the formulation and execution of overarching cybersecurity strategies.
  • Perform security control gap analyses to pinpoint deficiencies and devise improvement plans.
  • Help ensure the team’s skills and competencies align with organizational security objectives.
  • Oversee security vendor relationships and collaborations with procurement teams.

Security Governance:

  • Innovate the security governance framework and tooling to ensure it is robust, resilient, and business-aligned.
  • Collaborate with the Security Enablement function to embed governance controls across the technology landscape.
  • Organize and lead governance meetings with stakeholders to ensure security policies are current, compliant, and effective.

Security Policy Management:

  • Maintain and regularly refine security policies, adapting to new threats and compliance with legal and regulatory updates.
  • Synchronize policy frameworks with vertical-specific Information Security Officers (ISOs) to meet unique requirements.

Metrics & Reporting:

  • Collect, analyze, and report cybersecurity metrics from various operational areas.
  • Offer detailed reports on cybersecurity activities, pinpointing potential risks and opportunities.
  • Tailor reporting processes and metrics to enhance stakeholder insights into cybersecurity operations and needs.

Cyber Risk Culture & Behaviour:

  • Oversee the security training program for personnel across the organizational hierarchy.
  • Promote and enhance the company’s cyber risk culture through active engagement, communication, and educational initiatives.

Incident & Crisis Readiness:

  • Regularly revise and improve the incident and crisis management framework to keep it current and actionable.
  • Streamline the processes for threat intelligence gathering and sharing, and liaise with the Security Operations Center (SOC) for enhanced incident response. 

Experience and qualifications

  • Bachelor’s degree in Information Security, Computer Science, or related field; Master’s preferred.

  • Professional certifications such as CISSP, CISM, or CISA.

  • Proven experience in security governance, risk management, and policy development.

  • Extensive knowledge of cybersecurity frameworks, compliance regulations, and industry best practices.

  • Strong leadership skills, with experience managing cross-functional teams and external vendors.

  • Excellent communication skills to facilitate meetings and deliver clear, concise security communication to various stakeholders, and facilitating security training and awareness programs.

  • Ability to create detailed documentation, policy, and procedure materials in support of cybersecurity efforts.

  • Diligent and detail-oriented approach to cybersecurity, capable of thorough analysis and clear reporting.

  • A flexible and adaptive mindset, willing to take on a variety of tasks as needed to support the security posture of the organization.

  • Fluent English is required.

What we offer

  • An opportunity to work in a cutting-edge field and handle critical security governance challenges.

  • Career development opportunities through continuous learning and professional growth.

  • A collaborative work environment that values innovation and creativity. 

Why join the K&C team and this project?

  • German IT company with HQ in Munich
  • 23 years history
  • Competitive compensation
  • Talented team with flat hierarchy
  • Flexible working schedule

Sounds interesting? We are excited to get to know you!

If you have any questions you would like to ask or if there is any additional information you would like to receive, please feel free to get in touch via either [email protected] or the contact form at the bottom of this page.


Working with K&C

K&C has a win-win organisational culture –
we know we only succeed when our team members do too!

K&C is an international software development company with 100+ experts split between our offices in Munich (HQ) Kyiv, Krakow, Sofia, Baku and Sulaimaniya. We provide consulting and direct services for the complex IT-Projects of major European clients such as Commerzbank, Nestle, Bosch, Raiffeisen, METRO, DER Touristik, Lufthansa and others.

At K&C we work with different projects — websites, portals, platforms, mobile (iOS, Android), intranet-systems. The combination of our expertise in cutting-edge technologies, 15 years’ collaborative experience with leading European clients, and a friendly and productive work environment has enabled us to turn traditional IT outsourcing into a reliable and competitive product.

Send us your CV and
Cover Letter

K&C (Krusche & Company GmbH)

St.-Pauls-Platz 9

80336 Munich


[email protected]

+49 89 4161 7569-00

Security Governance Specialist

"*" indicates required fields

Full Name*
Accepted file types: pdf, doc, docx, Max. file size: 5 MB.
Accepted file types: pdf, doc, docx, Max. file size: 5 MB.