Merkur

IT Security Manager, GRC

full-time

Location Type: Office

Location: Espelkamp, Germany

About the role

  • Establish the GRC framework for information security
  • Continuously develop the GRC framework
  • Embed governance, risk and compliance structures across the company
  • Ensure compliance with relevant legal, regulatory and industry requirements (e.g. ISO 27001, NIS2, DORA, BSI IT-Grundschutz, NGCB 5.260)
  • Conduct internal audits and support external audits and inspections
  • Support the further development of the ISMS
  • Identify, assess and document IT and information security risks
  • Perform risk analyses and derive appropriate measures
  • Track risks, mitigation measures and deviations
  • Advise IT teams and business units on risk-oriented decisions
  • Prepare reports, KPIs and management-level documentation

Requirements

  • Degree in Computer Science, Business Informatics, IT Security or completed vocational training in IT (e.g. IT specialist – System Integration) with relevant professional experience
  • Several years of experience in IT security, ISMS or IT risk management
  • Strong knowledge of relevant standards, norms and regulatory requirements (e.g. ISO 27001, DORA, NIS2, BSI IT-Grundschutz, NGCB 5.260)
  • Experience conducting risk analyses, audit processes and implementing security measures
  • Ideally certified in ISO 27001, CISM, CISSP or CRISC
  • Analytical, structured and independent working style, strong communication and advisory skills, and willingness to travel approx. 10–20%

Benefits

  • 30 days vacation
  • Flexible working time models
  • Option for mobile/remote working
  • Company mobile phone
  • Tablet
  • In-house training center
  • Opportunities for technical and professional development across the group
  • Company-wide employee events
  • Department events
  • Occupational health management
  • Company sports activities
  • Occupational disability insurance (income protection)
  • Company pension scheme
  • E-bike leasing
  • Corporate Benefits program
  • Employee discounts
  • Local offers depending on location

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

GRC framework, ISMS, risk management, risk analysis, internal audits, external audits, compliance measures, IT security, documentation, KPI preparation

Soft Skills

analytical skills, structured working style, independent working style, communication skills, advisory skills

Certifications

ISO 27001, CISM, CISSP, CRISC