Corporate IT Security & Risk Oversight Owner (ISO Corporate IT, 2nd Line of Defense)

Location: Sofia, BG, 1797

Division/Department: Administration
Career level: Professional

 

"Accelerating business to improve the lives of people."

Our purpose describes exactly what we do with passion: we connect our customers' IT systems to digitalize their processes so that the relevant data is available at the right time and in the right place. A smooth flow of data is crucial, whether for producing cars, making payments on time, or restocking supermarket shelves. Our story began in 1986 with the digitalization of supply chains in the German automotive industry. Today, SEEBURGER is a leading global provider of B2B software with around 1,200 #Businessbeschleuniger ("business accelerators") in 15 countries worldwide and more than 14,000 satisfied customers who trust our innovative solutions.

Are you experienced in navigating security risk and compliance in an international environment? Do you enjoy combining technical acumen with IT audit, governance, and senior stakeholder collaboration? If so, we’d love to welcome you as our new: Corporate IT Security & Risk Oversight Owner (ISO Corporate IT, 2nd Line of Defense)

 

 

YOUR AREAS OF IMPACT:

  • Provide independent information security and risk oversight for SEEBURGER Corporate IT in the Second Line of Defense
  • Report directly to the Global Head of Governance, Risk & Compliance
  • Align Corporate IT at a governance level with SEEBURGER management systems, including:
    • Information Security Management System (ISMS)
    • Data Protection Management System (DSMS)
    • Business Continuity Management System (BCM)
    • AI Management System (AIMS)
    • Enterprise Risk Management System (ERM) incl. Third Party Risk Management System (TPRM)
  • Coordinate the creation, maintenance, and continuous improvement of Information Security Process Descriptions within the Corporate IT scope, in alignment with SEEBURGER policies, standards, and control frameworks
  • Maintain a complete and up‑to‑date overview of all Corporate IT systems, infrastructure components, platforms, applications, and tools, including security‑relevant classifications and governance attributes
  • Assess and review security and risk implications related to Corporate IT architectures, systems, processes, and operational models
  • Perform and coordinate customer security assessments, which includes:
    • Reviewing and validating customer security questionnaires
    • Supporting customer due diligence and assurance requests
    • Ensuring consistent documentation of customer‑facing security statements
  • Plan, execute and document risk‑based internal audits and control reviews within the Corporate IT scope
  • Monitor and evaluate control design and control effectiveness for Corporate IT systems and processes
  • Support Third‑Party Risk Management (TPRM) in the Corporate IT context, specifically:
    • Providing governance‑level support for vendor, system, and tool‑related risk assessments
    • Participating in reviews of Corporate IT tools and infrastructure components
    • Supporting security and risk assessments related to AI tools within Corporate IT
  • Support external certifications, audits, and assurance activities relevant to Corporate IT, including:
    • TISAX
    • ISO/IEC 27001:2022
    • SOC 1
    • SOC 2
    • BSI C5
    • CyberVadis
  • Coordinate and provide audit evidence for Corporate IT scopes, ensuring structured handling of auditor inquiries
  • Track, document and follow up on audit findings, deviations, and remediation measures within the GRC framework
  • Execute Second Line of Defense responsibility for Business Continuity Management (BCM) within Corporate IT, including:
    • Overseeing business continuity concepts for Corporate IT
    • Reviewing business impact analyses and continuity measures
    • Assessing BCM control effectiveness and coordinating BCM tests
  • Support the SEEBURGER Global Data Protection Manager in data protection matters related to Corporate IT systems and services, including alignment with the DSMS and support during audits and assessments
  • Maintain security, risk, data protection, BCM, audit and tool-related documentation for Corporate IT oversight
  • Contribute to GRC reporting, management reviews, and internal governance bodies regarding Corporate IT security, risk, data protection, business continuity, and tool governance topics
  • Coordinate with Corporate IT and other relevant stakeholders strictly in an oversight and assurance function
  • Escalate material risks, control deficiencies, or compliance gaps through defined GRC governance channels

 

YOU:

  • Education & Experience: Degree in IT, Information Security (or similar) + 8+ years of professional experience in a 2nd Line of Defense (2LoD), IT audit, or GRC role
  • Security & Risk Expertise: Strong knowledge of ISMS (ISO 27001), BCM (ISO 22301), and Enterprise Risk Management (ERM)
  • Audit & Compliance: Hands-on experience executing risk-based internal audits and checking IT controls
  • Third-Party & Customer Assurance: Experience with TPRM and handling customer security questionnaires
  • Technical Acumen: Ability to spot security and risk implications in complex IT systems and architectures
  • Languages: Fluent English; German is a big plus
  • Mobility & Workstyle: Highly independent, analytical, and comfortable collaborating with senior stakeholders, with readiness for quarterly business trips to Germany
  • Certifications: Relevant professional certifications (such as CISM, CRISC, or CISA) are a distinct advantage

 

WE:

  • 280+ new teammates in Bulgaria in a casual setting promoting cooperation and work-life balance
  • Flat hierarchies in a state-of-the-art tech setting, close mentorship and shadowing paced with your own professional agenda
  • Hybrid working model, 25 days off (up to 30 days off after 5 yrs), Birthday leave, Christmas bonus, additional health and dental insurance, 3 additional self-care days off, food vouchers, sports plan, referral bonus, team events, corporate discounts, transport and Internet expenses covered, internal trainings, LinkedIn Learning access, professional conferences etc.

 

Benefit from being part of a globally recognized company that is driving digitalization. We keep growing, and so can you! It is important to us that you can fully contribute your talents and strengths and go your own way, whether you are aiming for a specialist or a management career. With our know-how and growth in a future-oriented industry, we offer a wide range of opportunities and secure jobs. At SEEBURGER, we value the supportive atmosphere and the family-like environment. #StrongerTogether is one of our corporate values and shapes how we work together.

Sound exciting? Become a #Businessbeschleuniger too!