Security Risk and Compliance Officer

We are recruiting a Security Risk and Compliance Officer with experience in risk management and compliance within cybersecurity, extensive knowledge of industry standards, and strong communication skills. Find a full list of the required qualifications below.

This is a fully remote role embedded with our client – a major German software group.

As a Security Risk and Compliance Officer, you are responsible for managing third-party risks and ensuring the comprehensive assessment, monitoring, and enhancement of cybersecurity risk management and compliance processes throughout the company. This role includes close collaboration with procurement, legal, IT, and subsidiary teams to identify potential risks, enforce compliance, conduct internal audits, and maintain an up-to-date risk register and compliance documentation.

Responsibilities

Third Party Risk Management:

  • Develop and maintain the third-party risk management framework and supporting materials.
  • Determine inherent risk classifications for third parties.
  • Perform due diligence for security risk assessment on both new and existing vendors.
  • Regularly reassess and report on third-party risks.

Cyber Risk Management:

  • Work collaboratively with Governance to address cyber risk issues.
  • Maintain and update the risk register with comprehensive data.
  • Liaise with respective ISOs to identify business-specific risks.
  • Engage with the SOC to model threats and assess potential risks to the organization.
  • Ensure all initiatives align with the company’s defined risk appetite.
  • Evaluate risks involved with new projects in coordination with PMO and IT teams.

Exception Management:

  • Oversee the exception management process and communicate procedures effectively.
  • Handle incoming requests for policy or standard exceptions.
  • Maintain a detailed record of exception requests and their current statuses, re-raising them as their exception period expires.

Compliance:

  • Ensure regulatory requirements are met and monitored across all subsidiaries.
  • Produce in-depth reports on compliance status with applicable regulatory standards.
  • Identify potential compliance risks, document them and communicate them accordingly.
  • Keep and manage a repository of all compliance regulations relevant to the company.
  • Implement new tools and use existing ones for continuous compliance monitoring, and adapt to changing security regulations.

Internal Audit and Quality Assurance:

  • Conduct regular internal security audits or coordinate third-party audits.
  • Author comprehensive reports for upper management and follow up on audit findings.
  • Collaborate with the Security Architecture & Advisory function to integrate security requirements into project lifecycles.
  • Review and maintain security documentation and project compliance.

Experience and qualifications

  • Bachelor’s degree in Information Security, Computer Science, or a related field; advanced degree preferred.

  • Certifications such as CRISC, CISA, or CISSP are highly advantageous.

  • Significant experience in risk management and compliance within cybersecurity.

  • Extensive knowledge of industry standards (such as ISO 27001, NIST, GDPR, etc.).

  • Proficiency in cybersecurity technologies and threat modelling.

  • Strong analytical, organizational, and communication skills (in fluent English).

What we offer

  • An opportunity to work in a cutting-edge field and handle critical security risk and compliance challenges.

  • Career development opportunities through continuous learning and professional growth.

  • A collaborative work environment that values innovation and creativity.

Why join the K&C team and this project?

  • German IT company with HQ in Munich
  • 23 years of history
  • Competitive compensation
  • Talented team with flat hierarchy
  • Flexible working schedule

Sounds interesting? We are excited to get to know you!

If you have any questions you would like to ask or if there is any additional information you would like to receive, please feel free to get in touch via either [email protected] or the contact form at the bottom of this page.

Working with K&C

K&C has a win-win organisational culture – we know we only succeed when our team members do too!

K&C is an international software development company with 100+ experts split between our offices in Munich (HQ), Kyiv, Krakow, Sofia, Baku and Sulaimaniya. We provide consulting and direct services for the complex IT projects of major European clients such as Commerzbank, Nestle, Bosch, Raiffeisen, METRO, DER Touristik, Lufthansa and others.

At K&C we work on a wide range of projects — websites, portals, platforms, mobile (iOS, Android) and intranet systems. The combination of our expertise in cutting-edge technologies, 15 years’ collaborative experience with leading European clients, and a friendly and productive work environment has enabled us to turn traditional IT outsourcing into a reliable and competitive product.

Send us your CV and cover letter

K&C (Krusche & Company GmbH)

St.-Pauls-Platz 9

80336 Munich

Germany

[email protected]

+49 89 4161 7569-00
