IT Security - Governance, Risk & Compliance Manager (all genders)

Munich
EUR 70,000 - 100,000
Job description

Company Description

Roland Berger, founded in 1967, is the only strategy consultancy of European origin with a strong international presence. We support major international industrial and service companies as well as public institutions in all aspects of corporate management - from strategic alignment to the introduction of new business processes and organizational structures. We value diverse perspectives and approaches, and rely on the diversity of our employees. We seek authentic personalities with an entrepreneurial spirit who are proactive and team-oriented.

Job Description

As Security GRC Manager (all genders), you will be part of Roland Berger’s global IT security team. You will work with motivated colleagues to enhance the security of our IT environment, assets, and intellectual property.

Responsibilities include:

  1. Leading security governance, risk, and compliance (GRC) efforts related to Data Loss Prevention (DLP), eDiscovery, and information governance within an Azure-centric infrastructure.
  2. Defining and managing compliance roadmaps aligned with standards such as ISO 27001, NIS2, and GDPR.
  3. Supporting internal stakeholders to maintain audit readiness and overseeing the implementation of Microsoft Purview, DLP policies, and other M365 security controls.
  4. Collaborating with legal and GRC teams on eDiscovery and regulatory response workflows.
  5. Providing expert input into customer RFPs and due diligence questionnaires, ensuring compliance and security alignment.
  6. Assisting in maturing security policies, procedures, and documentation in line with Azure and Microsoft 365 technologies.

Qualifications include:

  1. Proven experience in GRC, information security, or IT compliance roles with a hands-on approach.
  2. Strong understanding of Microsoft Purview, Azure Information Protection, M365 DLP/eDiscovery features, or similar tools and environments.
  3. Experience with ISO 27001 or Cyber Essentials certification programs.
  4. Excellent writing and communication skills, especially in security questionnaires and RFP responses.
  5. Knowledge of data privacy regulations (GDPR, CCPA) and risk assessment methodologies.
  6. Ability to collaborate cross-functionally with technical, legal, and business stakeholders.
  7. Certifications such as CISA, CISM, ISO 27001 Lead Implementer/Auditor, or Microsoft Security certifications are advantageous.

Additional Information

If you are interested, we look forward to receiving your complete application (resume, testimonials, references). For more details, visit join.rolandberger.com. For questions, contact Julia Obermair at +49 89 9230-9169.