Main Tasks:
• Ensuring Compliance with Security and Regulatory Requirements: Monitor and assess adherence to legal, regulatory, and internal requirements in information security and data protection.
• Conducting Audits and Assessments: Plan, coordinate, and execute internal and external audits as well as risk and compliance assessments to identify vulnerabilities and areas for improvement.
• Consulting and Training: Support and raise awareness among business units and employees on compliance and security topics; conduct awareness trainings.
• Risk Management: Identify, assess, and track risks related to information security and compliance; develop and implement risk mitigation measures.
• Reporting and Communication: Prepare compliance status reports and communicate results and recommendations to management and relevant stakeholders.
• Collaboration with Internal and External Partners: Work closely with IT, data protection, legal, internal audit, as well as external auditors and authorities.
• Preparation and Support of Certifications: Assist in the preparation and execution of certifications (e.g., ISO 27001, TISAX) and ensure ongoing compliance with requirements.
• Continuous Improvement: Analyze incidents, derive lessons learned, and continuously enhance compliance and security processes.
Minimum Education and Qualification Requirements for the Position:
• Degree in IT, business informatics, engineering, or a comparable qualification.
• Several years of professional experience in information security, compliance, audit, or risk management.
• Knowledge of relevant standards and legal requirements (e.g., ISO 27001, GDPR, NIS2).
• Analytical thinking, strong communication skills, and assertiveness.
• Certifications such as CISA, CISM, CISSP, or ISO 27001 Lead Auditor are an advantage.
Soft Skills:
• Exceptional collaboration and interpersonal skills with a proven ability to foster cooperation and empower a diverse team.
• Strong strategic thinking and problem-solving capabilities.
• Excellent communication and interpersonal skills, facilitating effective collaboration with diverse stakeholder groups at all levels.
Tools and Technology Skills:
• Proficient in GRC tools for managing governance, risk, and compliance processes, ensuring effective integration and reporting.
• Familiarity with security frameworks and compliance standards such as ISO 27001, NIS2, and the Cyber Resilience Act, etc., to ensure proper alignment with regulatory requirements.
• Proficiency in utilizing collaboration tools such as M365 and SharePoint to streamline communication and documentation within teams.
At BASF, we create chemistry for a sustainable future. Our ambition: We want to be the preferred chemical company to enable our customers’ green transformation. We combine economic success with environmental protection and social responsibility. Around 112,000 employees in the BASF Group contribute to the success of our customers in nearly all sectors and almost every country in the world. Our portfolio comprises, as core businesses, the segments Chemicals, Materials, Industrial Solutions, and Nutrition & Care; our standalone businesses are bundled in the segments Surface Technologies and Agricultural Solutions. BASF generated sales of €65.3 billion in 2024. BASF shares are traded on the stock exchange in Frankfurt (BAS) and as American Depositary Receipts (BASFY) in the United States.
Credits: https://www.basf.com/global/en/legal/credits
Data protection information: https://www.basf.com/global/en/legal/data-protection-at-basf.html
