Job Description

Your responsibilities:

• conducting security assessments and control validation across products, systems and internal processes,
• evaluating the effectiveness of technical and administrative security controls using frameworks such as ISO 27001, NIST 800-53, SOC2 and industry standards,
• performing continuous assurance activities to maintain compliance with internal policies and external regulatory requirements,
• identifying control gaps, preparing clear findings and tracking remediation activities,
• supporting risk assessments by analyzing security risks and recommending mitigation strategies,
• reviewing system architectures, data flows and configurations for assurance considerations,
• providing expert input for security exception processes and risk treatment plans,
• collaborating with engineering, IT, product security, procurement and operations to embed assurance requirements,
• participating in design reviews, supplier risk evaluations and security improvement initiatives,
• creating assurance reports, dashboards and metrics for leadership visibility,
• analyzing trends from assessments and incidents to identify systemic improvement opportunities,
• contributing to the development of security assurance strategy, processes and tooling.

Our requirements:

• bachelor’s degree in Information Security, Computer Science, IT or a related field (or equivalent experience),
• 3+ years of experience in security assurance, security compliance, audit, risk management or technical security roles,
• strong understanding of security frameworks such as IEC 62443, ISO 27001, NIST CSF, NIST 800-53, SOC 2 and CIS Controls,
• experience conducting assessments, validating controls or supporting security audits,
• ability to interpret technical architectures, security controls and risk impacts,
• excellent communication skills, with the ability to translate technical findings into clear, actionable guidance,
• strong analytical and problem‑solving skills with high attention to detail.

Optional:

• certifications such as CISSP, CISM, CRISC, ISO 27001 Lead Auditor/Implementer or Security+.
• experience in regulated industries such as automotive, critical infrastructure, financial services, cloud or manufacturing.
• familiarity with secure development practices, cloud security or product security assurance.
• experience with GRC or assurance tools such as Archer, ServiceNow GRC, OneTrust or Drata.

We offer:

• remote work up to 11 days per month (after a 3-month induction period),
• attractive salary and package,
• creative and challenging work in an international environment,
• interesting projects and development opportunities,
• friendly atmosphere and team support,
• attractive benefits package (e.g. private medical care, sports card, life insurance, language training, holiday allowance),
• incentive programs.