Verlag C.H.Beck GmbH & Co. KG

IT Security & Compliance Engineer – 2-year fixed-term

full-time

Location Type: Hybrid

Location: München, Germany


About the role

  • Establish, operate and further develop a company-wide ISMS in accordance with ISO/IEC 27001:2022 and ISO/IEC 42001
  • Introduce and enhance structured and partially automated compliance processes, e.g., for evidence collection, controls and audit preparation
  • Integrate regulatory requirements (DORA, EU AI Act, NIS2, GDPR) into existing compliance structures
  • Prepare, coordinate and support internal and external audits, focusing on automation and minimizing documentation effort
  • Maintain the risk and asset register and perform standardized risk assessments in IT, AI and project contexts
  • Implement AI governance in line with ISO/IEC 42001 and establish AI risk management across the entire lifecycle
  • Implement the EU AI Act requirements for high-risk AI systems
  • Implement requirements for IT risk management, business continuity, disaster recovery and incident management as part of legal obligations
  • Develop, harmonize and maintain group-wide security policies
  • Work closely with IT, Legal, Data Protection, Procurement, Sales and external auditors and prepare regular management reports

Requirements

  • Degree in business law, IT law, law & compliance or a comparable qualification
  • Relevant professional experience in IT law, data protection, compliance, regulation or in interface roles between legal and IT teams
  • Solid knowledge of relevant standards and regulations, in particular: ISO/IEC 27001, ISO/IEC 42001, GDPR, EU AI Act, DORA, NIS2
  • Proven further training in information security, ideally as an ISO/IEC 27001 Practitioner, Lead Implementer or Lead Auditor
  • Experience analyzing regulatory requirements, preparing compliance documentation and supporting internal and external audits
  • Strong communication skills and confident presence with auditors, business units and management
  • Structured, independent and solution-oriented working style with strong analytical skills
  • Excellent German and English skills
  • Advantageous: experience with GRC/TPRM tools (e.g. OneTrust, Vanta, Drata) and interest in automation and RegTech approaches.

Benefits

  • Sports and health offers — partnership with EGYM
  • Flexible working hours: 37.5 hours/week full-time with flexitime and home office options
  • After-work beers, internal company fair for employees, summer and winter parties
  • Commuting and lunch subsidies, parking with EV charging infrastructure, book discounts & much more!