Information Security Coordinator for Governance, Risk and Compliance

Drees & Sommer SE

Spain

On-site

EUR 45.000 - 65.000

Full-time

30+ days ago

Job summary

A global consultancy firm in Spain is seeking an experienced Information Security Coordinator for Governance, Risk, and Compliance (GRC). The role involves developing cybersecurity frameworks, conducting risk assessments, and ensuring regulatory compliance. Ideal candidates will have expertise in international cybersecurity standards, strong documentation skills, and fluency in English. A dynamic work environment with opportunities for professional development and health support is provided.

Benefits

Mobile working options
Professional development programs
Health support with sports bonuses
Private health insurance options
Tax advantages for commuting
Employee referral bonus schemes

Responsibilities

  • Support development of cybersecurity governance and compliance frameworks.
  • Conduct internal security assessments for audits.
  • Draft and maintain cybersecurity policies.
  • Execute technical risk assessments and evaluations.
  • Support business continuity and disaster recovery planning.
  • Ensure compliance with GDPR and internal security guidelines.
  • Engage in cross-functional projects ensuring cybersecurity.
  • Maintain documentation for compliance and audit purposes.

Skills

International cybersecurity standards knowledge
Experience in compliance programs
Risk assessment experience
Policy implementation skills
Technical writing skills
Operational security awareness
Analytical thinking
Fluent in English (C1)

Education

ISO 27001/27701/22301 Implementer or Auditor
ITIL Certification
IPMO - International Project Management Officer

Job description

Company Description

Creating a future worth living for future generations gets us out of bed every morning. Depending on the project, we are consultants, implementers, or both for sustainable, innovative, and economical solutions for real estate, industry, energy, and infrastructure. Our more than 6,500 employees at 70 locations worldwide support our customers in interdisciplinary teams. Our thinking is both visionary and realistic. We work independently and as part of a team, with passion and the latest technologies. We unite. Join us at Dreso and let's create a world we want to live in.

Job Description

The Information Security Coordinator for GRC is a seasoned professional with extensive expertise in Governance, Risk, and Compliance (GRC). This role requires a deep understanding of global cybersecurity frameworks, regulations, and best practices. The coordinator supports Drees & Sommer's mission by ensuring regulatory compliance, business continuity, and information security maturity. Key responsibilities include supporting audit programs, developing and maintaining the company's BCM framework, and embedding cybersecurity controls within large-scale, multinational environments.

Core Responsibilities

  1. GRC Execution & Advisory: Support the development and maintenance of cybersecurity governance, risk, and compliance frameworks aligned with standards such as ISO/IEC 27001, 27701, 22301, TISAX, NIS2.
  2. Audit Preparation & Support: Conduct internal security assessments and support external audits by preparing documentation, identifying non-conformities, and ensuring corrective actions.
  3. Policy Implementation: Draft, maintain, and ensure correct application of cybersecurity policies across business units.
  4. Risk & Control Assessment: Execute technical risk assessments and control evaluations; support continuous improvement of risk treatment plans.
  5. BCM Program Coordination: Support development, implementation, and maintenance of the company's BCM framework.
  6. Business Impact Analysis (BIA): Assist in conducting and updating BIAs to assess potential disruptions.
  7. Continuity Planning: Develop and maintain business continuity and disaster recovery plans, ensuring alignment with security and risk strategies.
  8. Compliance Monitoring: Ensure adherence to data protection laws like GDPR and internal security guidelines.
  9. Project Involvement: Act as cybersecurity expert in cross-functional projects, ensuring cybersecurity requirements are met.
  10. Documentation & Reporting: Maintain documentation for compliance and support reporting to cybersecurity committees or auditors.
  11. Security Tools & Processes: Support the use of GRC tools, risk dashboards, and control platforms.

Qualifications

  1. Deep knowledge of international cybersecurity standards (ISO/IEC 27001, 27701, 22301, NIST, GDPR).
  2. Experience in compliance programs and audit readiness.
  3. Practical experience with risk assessments and mitigation.
  4. Proficiency in policy and process implementation.
  5. Strong technical writing and documentation skills.
  6. Awareness of operational security practices in IT and industrial environments.
  7. Analytical thinking and attention to detail.
  8. Fluent in English (C1 level).

Certifications & Qualifications

  1. ISO 27001/27701/22301 Implementer or Auditor.
  2. ITIL Certified.
  3. IPMO - International Project Management Officer.

Additional Information

  • Dynamic, collaborative environment with cybersecurity as a strategic priority.
  • Team valuing creativity, initiative, and continuous improvement.
  • Option for mobile working to support work-life balance.
  • Professional development through training and education at Drees & Sommer Academy.
  • Health support with sports bonuses and private health insurance options.
  • Tax advantages for commuting, meals, and kindergarten expenses.
  • Employee referral bonus schemes.