
Information Security & Compliance Manager

Date Posted: 16 days ago
Jonathan Malone
InfoSec, GRC & Vulnerabilities

I am partnered with a global organisation with HQ in Hamburg who are looking for a leader in Information Security Management Systems (ISMS) and compliance for cloud environments, including AWS and Azure, as well as software development processes.


The responsibilities of the role can be seen below:

-Develop and implement a Governance, Risk, and Compliance (GRC) strategy for cloud services and agile software development.

-Collaborate with architects to define security controls and processes, ensuring compliance and trust in the cloud environment and DevOps processes.

-Support the creation of an efficient, automated ISMS and DevSecOps process, fostering compliant standard solutions.

-Identify external/regulatory requirements and work with business, Data Protection Officers, and Legal to translate them into ISMS policies and controls.

-Manage compliance with external requirements and industry standards such as ISO 27001, TISAX, SOC2.

-Educate and empower architects and developers on Information & Cyber Security Risks, regulations, and compliance.

-Collaborate across CISO, IT, and Business departments to ensure organization-wide compliance and effective risk management.

-Stay abreast of the latest information and cyber security trends and threats, providing recommendations for improvement.

-Establish and maintain relationships with auditors, vendors, and industry experts for compliance and continuous improvement.

-Manage information security policy violations with the support of ISMS and IS risk specialists.


Your profile:

-Extensive experience in information & cyber security GRC or architecture roles.

-Strong knowledge of information security principles, frameworks, and best practices.

-Familiarity with current cloud architectures, security, and AWS/Azure solutions.

-Understanding of microservices, serverless architectures, and containerization technologies.

-Experience with agile development frameworks (SAFe, KANBAN, SCRUM) and project management.

-Strong analytical and problem-solving skills with attention to detail.

-Excellent communication, presentation, and training abilities for both technical and non-technical stakeholders.

-Familiarity with regulatory requirements and industry standards related to information security and data privacy.

-Collaborative mindset with experience working across Legal, DPO, Risk & Control, Audit, and Procurement teams.

-Experience in large international organizations and handling enterprise-level projects.

-Certifications such as CISSP, CISA, CRISC, IT/Security Vendor Certifications, ISO27001 Lead Auditor, or similar are a bonus.

-Fluency in written and spoken English.


Lots of benefits are included with this company, which I would be happy to share upon request. Please submit your application and I will get in touch to discuss further.

